Hi Anjan,
Yes it appears to have started working again now!
Thanks
confirmed, mine is now working again!!
Thank you for your quick response
Yes, all fired up again. I wonder if it was a cert renewal that Windows Server hadn’t updated quickly enough?
All working now. What was the change?
Hey everyone,
We wanted to share an update for those using Classic ASP to call our APIs. Our server does request a client certificate but does not require one, but unfortunately the MSXML2.ServerXMLHTTP.6.0 object doesn’t properly handle client certificate authentication as per TLS standards. You might be able to find a workaround using the WINHTTP_NO_CLIENT_CERT_CONTEXT option flag with WinHttp instead, and can read more about the flag here. If that doesn’t work, another option is to pass any client certificate that you have installed on your server. This certificate isn’t used for authentication, so any certificate should theoretically be sufficient.
We understand this is disappointing, and we’re truly sorry for the disruption. However, at this time, we’re unable to provide dedicated support for Classic ASP and migrating off of Classic ASP is likely the the best long-term solution to work with our APIs.
If you have any questions or insights on workarounds that have worked for you, feel free to share them in this thread.
Thanks for your understanding,
Anjan
Edit: this StackOverflow post may be of help too. Since the certificate is not used for authentication, you can try to pass in a valid client certificate and make sure that your application has the proper permissions to use it. This approach of passing a client certificate should hopefully work for any other clients as well (incl. Non-Classic ASP) that are running into this issue.
2 Likes
I’ll try it… When will you turn the certificate request back on (or some sandbox to test it)?
I wonder why you have it set up that way. I connect securely to my bank, card gateway and SMS gateway via server.xmlhttp and I don’t have this problem with anyone.
I am afraid they already have…
WINHTTP_NO_CLIENT_CERT_CONTEXT doesn’t work for me.
Will migrate to PHP curl 
It seems to he occurring again.
It just does not work. Tried to set the option described above, then I generated self-signed client certificate, stored it in Personal storage, granted access to it to IIS USRS and AppPool identity user, enabled TLS 1.2, restarted iis, set the code to use the certificate in requests, prayed twice… and nothing.
Also not working again. We need a consistent solution on this that will work each time as we have products that depend on this
It’s stopped working again! Please rollback what you’re changing or at least offer us some more clues on how to work around it. The response above isn’t enough.
1 Like
I’m having the same issue with Obsidian plugin development. All plugins that call OpenAI are suddenly not working with error: net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED
Same problem calling from Excel VBA…
Hi Martin, I am having the same problem. I have to use Make as an intermediator, until the problem is resolved (I have tons of Excel VBA-based applications which are affected by this issue)
You should provide a better solution than asking everyone to rewrite their code in other languages. (ex: a sample asp code that works)
Hi fellow ASP’ers. I spent some time on Sunday building a new COM wrapper object in C#. It can be instantiated in ASP by using Server.CreateObject and then used from within ASP code. Rather than creating a generic HTTP object, I focused on the actual problem we had - interfacing with OpenAI completions API.
It takes the following parameters: URL, model (like gpt-4o-mini), apiKey, systemPrompt and userPrompt and returns text of the response. Supports unicode characters.
in ASP it looks like this:
Set obj = Server.CreateObject(“OpenAIComWrapper.OpenAIWrapper”)
result = obj.QueryOpenAI(url, apiKey, model, sysPrompt, userPrompt, maxTokens)
It needs more love as it is rather raw, but it works. Now I need to post it somewhere on GitHub so you can use it… very busy today, but will try to do so asap…
2 Likes
Solved this error for IIS running classic asp by adding a line of code:
objhttp.SetClientCertificate “LOCAL_MACHINE\My\localhost”
The localhost certificate should have permissions for IUSR.
2 Likes
Excellent work! For MSXML2.ServerXMLHTTP.6.0 the solution is:
xml.setOption 3, “LOCAL_MACHINE\My\localhost”
2 Likes
For my production environment I had to create the localhost certificate, and allow “everyone” to have permissions for it to work. Details below:
Generate a Self-Signed Certificate
- Use PowerShell (Preferred on Windows Server): Open PowerShell as Administrator and run the following command:
New-SelfSignedCertificate -DnsName “localhost” -CertStoreLocation “Cert:\LocalMachine\My”
- Grant Permissions to IUSR:
- Right-click the certificate in the MMC under
Certificates (Local Computer) > Personal > Certificates. - Select Manage Private Keys.
- Add the
IUSRuser and grant itReadpermissions.