
Heads up - I'm new to the crypto topic. Due to technical constraints I'm bound to Excel and VBA.

I need to make an HTTP call over TLS 1.2. I just can't find the correct form to pass my certificate as a string to the `httpSender.SetClientCertificate` method.

Any help appreciated.

P.S. The certificate is stored in a certificate store, not in the registry.

This is my code:

```vba
Public Sub restApiCallV2()

    ' taken from: https://markohoven.com/2020/03/06/msxml2-serverxmlhttp-and-tls1-2/
    ' requires a reference to "Microsoft WinHTTP Services, version 5.1"

    Dim httpSender As Object
    Dim strUrl As String
    Dim blnAsync As Boolean
    Dim strResponse As String
    Dim jsonResponse As Object
    Dim Failure As Boolean

    strUrl = "https://jsonplaceholder.typicode.com/todos/2"
    blnAsync = True

    On Error GoTo eh
    Set httpSender = New WinHttp.WinHttpRequest

    'force TLS 1.2
    httpSender.Option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_TLS1_2
    httpSender.Option(WinHttpRequestOption_EnableRedirects) = True

    Call httpSender.SetClientCertificate("my certificate string here")
    httpSender.Open "GET", strUrl, False
    httpSender.setRequestHeader "User-Agent", "My App V1.0"
    httpSender.setRequestHeader "Content-type", "application/json"

    Debug.Print ("Calling...")

    httpSender.send ("") ' if get call, uses the URL in the open command
    Failure = (httpSender.Status <> 200)
    If Not Failure Then
        strResponse = httpSender.responseText
    Else
        ' report the status of the request object that was actually used
        Call Err.Raise(5000, "start_here.restApiCallV2", "Failure: received status : " & httpSender.Status)
    End If

    Debug.Print (strResponse)

    Debug.Print ("Completed!")
    Exit Sub
eh:
    Debug.Print ("Error!")
    Debug.Print ("Number: " & Err.Number & ", Source: " & Err.Source & ", Description: " & Err.Description)

End Sub
```
baruchl
  • > the certificate is stored in a certificate store, not in registry. The certificate store is (in) the registry, see the [.SetClientCertificate](https://learn.microsoft.com/en-us/windows/win32/winhttp/iwinhttprequest-setclientcertificate) documentation: "The certificate store name and location are optional. However, if you specify a certificate store, you must also specify the location of that certificate store. The default location is CURRENT_USER and the default certificate store is "MY". A blank subject indicates that the first certificate in the certificate store should be used." – Hel O'Ween Sep 01 '21 at 15:39
  • https://stackoverflow.com/questions/17531400/what-subject-to-use-for-setclientcertificate – Tim Williams Sep 01 '21 at 16:58

1 Answer


My colleague was able to help me, and this is what worked for us: `call httpSender.SetClientCertificate("CURRENT_USER\name_of_certificate")`.

I assume you can use ROOT and CA instead of CURRENT_USER.

baruchl
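The documentation quoted in the comment above describes the selector as a store location, a store name and a certificate subject, with `CURRENT_USER` and `MY` as defaults. As an added example (not code from the question or the answer), this sketch builds the full three-part `LOCATION\STORE\SUBJECT` string and uses it in a request. The function names, the subject `My Client Cert`, the URL and the backslash check are assumptions of the example.

```vba
Option Explicit

' Builds the "LOCATION\STORE\SUBJECT" selector for SetClientCertificate.
' Function names, defaults and error numbers are this example's own.
Public Function ClientCertSelector(ByVal subject As String, _
        Optional ByVal storeName As String = "MY", _
        Optional ByVal location As String = "CURRENT_USER") As String
    Select Case UCase$(location)
        Case "CURRENT_USER", "LOCAL_MACHINE"
            ' accepted store locations
        Case Else
            Err.Raise vbObjectError + 1, "ClientCertSelector", _
                "Unknown store location: " & location
    End Select
    ' Assumption: reject "\" inside a field so the selector stays unambiguous.
    If InStr(storeName, "\") > 0 Or InStr(subject, "\") > 0 Then
        Err.Raise vbObjectError + 2, "ClientCertSelector", _
            "Backslash is the field delimiter and cannot appear in a field"
    End If
    ClientCertSelector = UCase$(location) & "\" & storeName & "\" & subject
End Function

' Needs a reference to "Microsoft WinHTTP Services, version 5.1".
Public Function GetWithClientCert(ByVal url As String, _
        ByVal subject As String) As String
    Dim req As WinHttp.WinHttpRequest
    Set req = New WinHttp.WinHttpRequest
    req.Option(WinHttpRequestOption_SecureProtocols) = SecureProtocol_TLS1_2
    req.Open "GET", url, False
    ' Microsoft's documented sample selects the certificate after Open, before Send.
    req.SetClientCertificate ClientCertSelector(subject)
    req.Send
    If req.Status <> 200 Then
        Err.Raise vbObjectError + 3, "GetWithClientCert", _
            "HTTP status " & req.Status
    End If
    GetWithClientCert = req.ResponseText
End Function

Public Sub DemoClientCert()
    ' Constructed values: replace the URL and subject with your own.
    Debug.Print ClientCertSelector("My Client Cert")
    Debug.Print ClientCertSelector("My Client Cert", "MY", "LOCAL_MACHINE")
    Debug.Print GetWithClientCert("https://example.com/", "My Client Cert")
End Sub
```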