WinBatch® Technical Support Forum

All Things WinBatch => WebBatch => Topic started by: JTaylor on April 12, 2017, 11:28:03 AM

Title: Calling WebService
Post by: JTaylor on April 12, 2017, 11:28:03 AM
Figured it was time for the Annual post to this forum.  Don't want WebBatch to feel left out.

I am trying to access a webservice that is running HTTPS.  It requires a certificate so I set this but it tells me that the certificate was issued by a chain that is not trusted.   The certificate is fine and set for Client Authentication as well.   Any suggestions?  Will this not work with an SSL Certificate?   Any other suggested approaches?   Have spent many hours and many different approaches but so far nothing.  Hoping it is something simple.   I can do what I need with no trouble on the same machine running WinBatch using a variety of methods.  Such as below, Msxml2.XMLHTTP, etc. but when I switch to WebBatch it fails.  Suggestions?

Jim

WinHttpReq = objectopen("WinHttp.WinHttpRequest.5.1")
WinHttpReq.Open("GET", "https://their.web.server/symws/rest/standard/searchCatalog?clientID=MyClient&term1=9781285740621", @false)
WinHttpReq.SetClientCertificate("LOCAL_MACHINE\MY\my.web.cert")

WinHttpReq.Send()

message("Debug", WinHttpReq.ResponseText)

ObjectClose(WinHttpReq)
Title: Re: Calling WebService
Post by: td on April 12, 2017, 11:51:37 AM
Don't have any suggestions.   Here is an old link to a slightly similar problem you had awhile back:

http://forum.winbatch.com/index.php?topic=1487.0 (http://forum.winbatch.com/index.php?topic=1487.0)
Title: Re: Calling WebService
Post by: td on April 12, 2017, 12:52:15 PM
I am sure you have already considered the possible negative impacts of user profile when running a script from a web server thread.
Title: Re: Calling WebService
Post by: JTaylor on April 12, 2017, 01:05:51 PM
I was hoping someone here had gotten smarter since then since I obviously haven't  :)

I think my main problem is it is running Web Server 2008 (not R2).

Please say more as I am not entirely certain I follow.

Jim
Title: Re: Calling WebService
Post by: td on April 13, 2017, 06:39:58 AM
Generally, a web server CGI process runs with restrictive standard user permissions.  This depends on the web server being used, of course.  So your WebBatch process may simply not have the correct permissions to access the certificate.    Perhaps try a web search on your certificate method for more info.
Title: Re: Calling WebService
Post by: JTaylor on April 13, 2017, 07:43:32 AM
Okay.  Thanks.

Jim
Title: Re: Calling WebService
Post by: bottomleypotts on August 06, 2017, 10:25:07 PM
Hey Jim,

I had an issue trying to connect to a TLS 1.2 secure server. The option(9) change made a difference to me. See how you do!

BP



WinHttpReq = objectopen("WinHttp.WinHttpRequest.5.1")
WinHttpReq.Option(9)=2560
WinHttpReq.Open("GET", "https://their.web.server/symws/rest/standard/searchCatalog?clientID=MyClient&term1=9781285740621", @false)
WinHttpReq.SetClientCertificate("LOCAL_MACHINE\MY\my.web.cert")

WinHttpReq.Send()

message("Debug", WinHttpReq.ResponseText)

ObjectClose(WinHttpReq)
Title: Re: Calling WebService
Post by: JTaylor on August 07, 2017, 06:11:33 AM
Thanks.  I believe I did try that to no avail.   Since that post my wife's work moved us and to simplify the move I paid for a managed server running Win Server 2016 so that solved the problem.  If I go back to running things locally I will update my server and that should solve the problem.  Thanks again for the reply.

Jim
Title: Re: Calling WebService
Post by: td on August 07, 2017, 06:31:30 AM
So your problem was the result of 2008 not supporting the newer TLS 1.2 protocol?
Title: Re: Calling WebService
Post by: JTaylor on August 07, 2017, 08:45:55 AM
That was my conclusion since stuff worked on newer versions of windows.  Was going to upgrade to 2008 R2 to test my theory but then got word we were being moved and decided to move stuff offsite for at least a year and then  the madness of finding a place to live and moving in under 60 days took precedence.

Jim
Title: Re: Calling WebService
Post by: td on August 09, 2017, 06:05:03 AM
There is a bug in Windows 2008 and Vista involving the crypto API.  Microsoft did issue  a fix for it but you have to download it yourself and it is only available for 64-bit versions of the OS's.  It is not part of any Windows Update package that I am aware of.  I can't say that the bug caused your specific problem but it does interfere with some certificate related activity.  For example, Windows 2008 or Vista will not recognize code signing certificates hashed with a SHA-2 unless the patch is applied.   This is more or less a bad thing since SHA-1 hashed certificates are considered unsafe and have been deprecated. 
Title: Re: Calling WebService
Post by: JTaylor on August 09, 2017, 06:10:15 AM
Will keep this in mind.  Thanks.

Jim