server giving msxml3.dll error '80072f7d' when trying to access secure url

aaronjelias picture aaronjelias · Apr 22, 2014 · Viewed 11k times · Source

For years I have used classic asp to connect to the secure site of a supplier using msxml3.dll - but since this morning, I am getting;

msxml3.dll error '80072f7d' 

An error occurred in the secure channel support

I have had a good look around and can see that I am not the only one to have seen this - but cannot find a solution.

The partner site has just updated their ssl certificate. If I try to connect to the remote url from the server using IE or Chrome, it fails to connect reporting a nonvalid digital signature on the site's certificate. However, if I try to connect from my local computer, it works without a problem and I can see that the server identity has been correctly established.

Any help would be really appreciated.

Answer

aaronjelias picture aaronjelias · Apr 24, 2014

In Microsoft Windows Server 2003, applications that use the Cryptography API (CAPI) cannot validate an X.509 certificate. This problem occurs if the certificate is secured by the Secure Hash Algorithm 2 (SHA2) family of hashing algorithms. Applications may not work as expected if they require the SHA2 family of hashing algorithms.

http://support.microsoft.com/kb/938397 fixed the problem for me.