Calling WebService

Started by JTaylor, April 12, 2017, 11:28:03 AM

Previous topic - Next topic

JTaylor

Figured it was time for the Annual post to this forum.  Don't want WebBatch to feel left out.

I am trying to access a webservice that is running HTTPS.  It requires a certificate so I set this but it tells me that the certificate was issued by a chain that is not trusted.   The certificate is fine and set for Client Authentication as well.   Any suggestions?  Will this not work with an SSL Certificate?   Any other suggested approaches?   Have spent many hours and many different approaches but so far nothing.  Hoping it is something simple.   I can do what I need with no trouble on the same machine running WinBatch using a variety of methods.  Such as below, Msxml2.XMLHTTP, etc. but when I switch to WebBatch it fails.  Suggestions?

Jim

WinHttpReq = objectopen("WinHttp.WinHttpRequest.5.1")
WinHttpReq.Open("GET", "https://their.web.server/symws/rest/standard/searchCatalog?clientID=MyClient&term1=9781285740621", @false)
WinHttpReq.SetClientCertificate("LOCAL_MACHINE\MY\my.web.cert")

WinHttpReq.Send()

message("Debug", WinHttpReq.ResponseText)

ObjectClose(WinHttpReq)

td

Don't have any suggestions.   Here is an old link to a slightly similar problem you had awhile back:

http://forum.winbatch.com/index.php?topic=1487.0
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

td

I am sure you have already considered the possible negative impacts of user profile when running a script from a web server thread.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

JTaylor

I was hoping someone here had gotten smarter since then since I obviously haven't  :)

I think my main problem is it is running Web Server 2008 (not R2).

Please say more as I am not entirely certain I follow.

Jim

td

Generally, a web server CGI process runs with restrictive standard user permissions.  This depends on the web server being used, of course.  So your WebBatch process may simply not have the correct permissions to access the certificate.    Perhaps try a web search on your certificate method for more info.
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

JTaylor


bottomleypotts

Hey Jim,

I had an issue trying to connect to a TLS 1.2 secure server. The option(9) change made a difference to me. See how you do!

BP



WinHttpReq = objectopen("WinHttp.WinHttpRequest.5.1")
WinHttpReq.Option(9)=2560
WinHttpReq.Open("GET", "https://their.web.server/symws/rest/standard/searchCatalog?clientID=MyClient&term1=9781285740621", @false)
WinHttpReq.SetClientCertificate("LOCAL_MACHINE\MY\my.web.cert")

WinHttpReq.Send()

message("Debug", WinHttpReq.ResponseText)

ObjectClose(WinHttpReq)

JTaylor

Thanks.  I believe I did try that to no avail.   Since that post my wife's work moved us and to simplify the move I paid for a managed server running Win Server 2016 so that solved the problem.  If I go back to running things locally I will update my server and that should solve the problem.  Thanks again for the reply.

Jim

td

So your problem was the result of 2008 not supporting the newer TLS 1.2 protocol?
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

JTaylor

That was my conclusion since stuff worked on newer versions of windows.  Was going to upgrade to 2008 R2 to test my theory but then got word we were being moved and decided to move stuff offsite for at least a year and then  the madness of finding a place to live and moving in under 60 days took precedence.

Jim

td

There is a bug in Windows 2008 and Vista involving the crypto API.  Microsoft did issue  a fix for it but you have to download it yourself and it is only available for 64-bit versions of the OS's.  It is not part of any Windows Update package that I am aware of.  I can't say that the bug caused your specific problem but it does interfere with some certificate related activity.  For example, Windows 2008 or Vista will not recognize code signing certificates hashed with a SHA-2 unless the patch is applied.   This is more or less a bad thing since SHA-1 hashed certificates are considered unsafe and have been deprecated. 
"No one who sees a peregrine falcon fly can ever forget the beauty and thrill of that flight."
  - Dr. Tom Cade

JTaylor

Will keep this in mind.  Thanks.

Jim