I have the below code to get data from my https website having godaddy certificate.but i unable to get the result from the url.
port = CreateObject("roMessagePort")
req = createObject("roUrlTransfer")
req.SetMessagePort(port)
req.setCertificatesFile("pkg:/source/domain.crt")
req.AddHeader("X-Roku-Reserved-Dev-Id", "")
req.InitClientCertificates()
req.setUrl("https://domain.com/index.php/roku/getdata")
response = req.getToString()
print "response: "; response
Note: i edited /etc/apache2/sites-available/default-ssl.conf file to add godaddy certificate.in my website,https is working.i alwaise getting error code -77.i exported the crt file from mozilla firefox.is this a correct way?
No idea about the correct format of certificate export. But have you tried:
req.SetCertificatesFile("common:/certs/ca-bundle.crt")
Related
So, I'm trying to scrape the following public site using vba and the WinHttp library:
https://auctions.seecao.com/DAILY_AUCTION_LIST
Having examined the network traffic when the "Show Data" button is clicked, I came up with my code:
Sub test()
Dim border As String
Dim req As New WinHttpRequest
Dim url As String
Dim reqBodyObj As Object, respObj As Object, auction As Object
Dim reqBodyStr As String
Dim deliveryDay As Date
url = "https://auctions.seecao.com/api/DailyAuction/GetDailyAuctionList"
deliveryDay = Date
border = "ALME"
Set reqBodyObj = JsonConverter.ParseJson("{""parameters"":{""dayFrom"":""2021-04-01"",""dayTill"":""2021-04-01"",""auctionState"":[0,3,4,5,6,7,9]}}")
reqBodyObj("parameters")("dayFrom") = Format(deliveryDay + 1, "yyyy-mm-dd")
reqBodyObj("parameters")("dayTill") = Format(deliveryDay + 1, "yyyy-mm-dd")
reqBodyStr = JsonConverter.ConvertToJson(reqBodyObj)
With req
.Open "POST", url, False
.setRequestHeader "Content-Type", "application/json"
.Option(WinHttpRequestOption_SslErrorIgnoreFlags) = 256 '=0x0100 =ignore "Unknown certification authority (CA) or untrusted root" error refer to: https://learn.microsoft.com/en-us/windows/win32/winhttp/winhttprequestoption
.send reqBodyStr
Debug.Print .responseText
Set respObj = JsonConverter.ParseJson(.responseText)
End With
For Each auction In respObj("dailyAuctionListData")("rows")
If auction("columns")("auctionName") Like border & "*" Then
Debug.Print auction("columns")("id")
End If
Next auction
End Sub
It's probably worth noting that the first time you visit the site via a browser you'll get a warning saying that the server's certificate is not trusted and you'll have to add an exception to visit it:
To overcome this I used this .Option(WinHttpRequestOption_SslErrorIgnoreFlags) = 256 to ignore the errors.
Everything worked fine for about a month. Today however I started getting the following error:
Run-time error '-2147012711 (80072f99)': No credentials were available
in the client certificate.
So I suppose that the website started requesting a client certificate?
Requesting the data through a browser works normally without the need of any credentials and the POST request that is being sent under the hood seems to be the same as it used to be. Editing and resending the request via the browser's developer tools also works without any problems.
So my question is, what is going on here? Is the site asking for a client certificate?
And if so, which client certificate does Firefox use under the hood?
Does the browser use some kind of a default certificate for these cases?
Why am I asked for credentials when I run the code when clearly they are not needed when I visit the page?
Finally, when I try to specify a random certificate like so :
.SetClientCertificate "NameOfCertificate"
the request is being sent and I get the following response:
<html>
<head><title>400 The SSL certificate error</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The SSL certificate error</center>
<hr><center>nginx/1.18.0</center>
</body>
</html>
Keep in mind that it's a public site accessible to everyone. No subscription needed.
EDIT
The same request works just fine with Postman after disabling SSL certificate verification. Is there a way to imitate this behavior in VBA?
(This question was originally titled, "Why is curl_exec() failing in this script?" But by adding calls to curl_errno() and curl_error() in the script, I found out that the problem was the certificate, and I've edited the question accordingly.)
The following script:
<?php
$sDataFile = '<path>\journal-issue-ToC.htm';
$sURL = 'https://onlinelibrary.wiley.com/toc/14678624/2014/85/1';
$bHeader = false;
$cURLhandle = curl_init();
$FilePointer = fopen($sDataFile, 'wb');
curl_setopt($cURLhandle, CURLOPT_URL, $sURL);
curl_setopt($cURLhandle, CURLOPT_FILE, $FilePointer);
curl_setopt($cURLhandle, CURLOPT_HEADER, $bHeader);
$bResult = curl_exec($cURLhandle);
echo('<br>' . ($bResult === false ? 'Failed to execute' : 'Executed') . ' cURL.');
if(! $bResult) echo('<br>Error #' . curl_errno($cURLhandle) . ': ' . curl_error($cURLhandle));
curl_close($cURLhandle);
fclose($FilePointer);
saves the empty file "journal-issue-ToC.htm" and generates the following browser output:
Failed to execute cURL.
Error #60: SSL certificate problem: unable to get local issuer certificate
So it appears that cURL encounters a certificate problem that doesn't happen when I access the requested URL in the browser. What do I need to know about certificates in order to get this script to work?
I'm running PHP 7.2.2 on IIS 7.5 under Windows 7 64 bit.
What I needed to know about certificates in order to get cURL to work is in an article on GitHub, which explains the need for certificates in cURL and how to get and apply them:
What we're talking about are SSL certificates, needed for the https protocol. "CA" stands for "certificate authorities".
Download the certificates from https://curl.haxx.se/ca/cacert.pem (documentation).
In the file "php.ini", in the section on cURL, uncomment the command for the CURLOPT_CAINFO option and specify the location of the downloaded file "cacert.pem”. After saving the ini file, restart the webserver to effect the change.
I did this with a couple of variations:
I chose to set the value of CURLOPT_CAINFO in the function curl_setopt() instead of in the file "php.ini".
I at first got error 77, "error setting certificate verify locations". This was fixed by moving the file "cacert.pem" to a folder under the folder "Program Files\PHP".
After doing that, the script ran without error and the output file was not empty. But what it contained was still not what I need, which is the subject of a new question.
I try to add a p12 file to JMeter 3.3 configuration to reach a site.
I added following lines to system.properties file:
javax.net.ssl.keyStoreType=pkcs12
javax.net.ssl.keyStore=C:\certs\mycert.p12
javax.net.ssl.keyStorePassword=mypassword
After that I restarted JMeter, but got the same error, javax.net.ssl.SSLHandshakeException. I converted p12 file with keytool to jks and added the following lines to same file by replacing previous ones.
javax.net.ssl.keyStore=C:\certs\mycert.jks
javax.net.ssl.keyStorePassword=mypassword
Error message is the same in this case too:
Response code: Non HTTP response code:
javax.net.ssl.SSLHandshakeException Response message: Non HTTP
response message: Received fatal alert: handshake_failure
I use HTTP Client 4 as implementation for HTTP Samplers. When I import same certificate to browser, it is working correctly.
I tried to follow this tutorial too: How to configure JMeter to use client side SSL
You can use Options -> SSL Manager option, where you can select your .p12 file to be used in current Test plan.
Using SoapUI 5.2.1 with the SSL client cert configured...
A python request to the endpoint like so
import requests
HOST = 'https://HOST'
CERT_FILE = 'CERT.crt'
KEY_FILE = 'KEY.key'
ping_response = requests.get(HOST, cert=(CERT_FILE, KEY_FILE))
print(ping_response)
works fine, but when I turned the cert/key into a PFX or a java keystore and load it into SoapUI like so
http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspx
I run a request and get a 400 Bad Request response with a body of "No required SSL certificate was sent"
It seems that the client cert is not being sent. Is there another step to configuring SoapUI for client auth? Do I need to specifically link it to the project or request somewhere?
I'm trying to connect to a site, e.g www.yahoo.com via proxy using python requests library. So, I define proxy settings as:
HOST = 'host'
PORT = 1234 # random port I have used here
USER = 'user'
PASS = 'password'
PROXY = "%s:%s#%s:%d" % (USER, PASS, HOST, PORT)
PROXY_DICT = {
"http" : 'http://' + PROXY,
"https" : 'https://' + PROXY,
}
I use the following line of code:
requests.get('http://www.yahoo.com', proxies=proxy_dict)
This doesn't raise an exception but the response text is an error page from the proxy saying "Ensure you have installed the certificate". I have a certificate "certificate.crt", which runs fine when used with chrome browser. And the certificate is self-signed. I have tried a couple of things which raise errors.
When used the crt file as a verify param, following error:
SSLError: [Errno bad ca_certs: 'certificate.crt'] []
When used the crt file as a cert param, following error:
Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines', 'SSL_CTX_use_certificate_file', 'PEM lib')]
I managed to get a .pem file(I'm not sure but, it might have been generated using a key and a crt file) as well. When using it with cert param, it doesn't throw error, but the response text is again having the text "...Ensure that the certificate is installed..."
When used .pem file with verify param, following error:
SSLError: [Errno bad handshake] [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
Now when I refer to requests docs, I see I can use two parameters verify and cert. What shall I use here? And how?