how to bypass a known-bad SSL certificate

[Rob Shaw-Fuller]

I'm writing a VBScript to download some content from a number of internal
webservers. I'm downloading both secure (https) and non-secure (http)
content. One of these webservers (a test machine) has a number of problems
with its SSL certificate, not the least of which is that the certificate has
expired. Every time my script tries to download from the webserver with the
bad SSL certificate, Windows helpfully gives me a warning dialog that I must
click through before the script can continue. Is there any way to avoid
this warning for a specific certificate and/or webserver? I'm aware that
the certificate has issues, but it won't be replaced and/or renewed any time
soon (largely because it's on a test machine), so how can I work around it?

I have already tried:
* adding the site to Internet Explorer's "Trusted Sites" (didn't help)
* changing the system date to a period before the certificate expired when
accessing the problem webserver, then changing it back afterward (still saw
the warning dialog, because of another problem with the certificate)

I am using WSH 5.6 on WinXP SP2, with MSXML 4.0 SP2.

Code follows:
Sub CheckLink(strURL, strOutput)
Dim objHTTP, objStream, tStart, tElapsed
Set objHTTP = WScript.CreateObject("MSXML2.XMLhttp.4.0")
objHTTP.Open "HEAD", strURL, False
objHTTP.Send
WScript.Echo "Headers from " & strURL
WScript.Echo objHTTP.getAllResponseHeaders
WScript.Echo
objHTTP.Open "GET", strURL, False
objHTTP.Send
tStart = timer()
Set objStream = CreateObject("ADODB.Stream")
objStream.Type = adTypeBinary
objStream.Open
objStream.Write objHTTP.ResponseBody
objStream.SaveToFile strOutput, adSaveCreateOverWrite
Set objHTTP = Nothing
Set objStream = Nothing
tElapsed = timer() - tStart
WScript.Echo "Saved: " & strURL & vbCRLF & "To: " & strOutput & vbCRLF &
"Time: " & tElapsed & " seconds..." & vbCRLF
End Sub

Any assistance would be greatly appreciated!

Rob Shaw-Fuller
robsha...@hotmail.com

[Bill James]

Is this script just for running on one machine that you control? If so, you might be able to just disable certificate checking in IE Advanced Options. However, you need to be aware of the risk if you are using the same computer for surfing. If you can run down a Registry setting for the certificate checking, you might even be able to toggle it off and on when you run the script.

--

Bill James
Microsoft MVP - Shell/User

Windows VBScript Utilities » www.billsway.com/vbspage/
Windows Tweaks & Tips » www.billsway.com/notes_public/

"Rob Shaw-Fuller" <robsha...@hotmail.com> wrote in message news:OYA2yVj1...@TK2MSFTNGP09.phx.gbl...

[Joe Fawcett]

"Bill James" <wgj...@mvps.org> wrote in message
news:e83fNLn1...@TK2MSFTNGP11.phx.gbl...

--

Alternatively you might use the ServerXmlHttp request, using the setOption
method you can ignore certificate errors.

--

Joe (MVP - XML)

[Rob Shaw-Fuller]

"Joe Fawcett" <joefa...@hotmail.com> wrote...
[SNIP]

> Alternatively you might use the ServerXmlHttp request, using the setOption
> method you can ignore certificate errors.
>
> --
>
> Joe (MVP - XML)

Hoo-AH! That worked perfectly. I had seen the ServerXmlHttp object, but
somehow it got stuck in my head that it was only for servers. It works fine
on clients, I'm happy to say. Thanks, Joe!

New-and-improved code, for those who care:

Sub CheckLink(strURL, strOutput)
Dim objHTTP, objStream

Set objHTTP = WScript.CreateObject("MSXML2.ServerXMLHTTP.4.0")
objHTTP.SetOption 2, 13056 ' Ignore all SSL errors

objHTTP.Open "GET", strURL, False
objHTTP.Send

Set objStream = CreateObject("ADODB.Stream")
objStream.Type = adTypeBinary
objStream.Open
objStream.Write objHTTP.ResponseBody
objStream.SaveToFile strOutput, adSaveCreateOverWrite
Set objHTTP = Nothing
Set objStream = Nothing

WScript.Echo "Saved: " & strURL & vbCRLF & "To: " & strOutput & vbCRLF

End Sub

Rob Shaw-Fuller
robsha...@hotmail.com