Javascript XMLHttpRequest: Ignore invalid SSL Certificate
Question
so I have been having trouble with grabbing information from a device that is interfaced with via https due to the fact that it has an invalid security certificate. I know the device is to be trusted and I don't have access to the server-side so I can't change it. I was wondering if there was any way to set up an XMLHttpRequest object in Javascript to just ignore an invalid SSL certificate and just grab the information anyway. As it is now it seems to just reject the certificate and stop. Thanks.
3 answers
solution1
7 ACCPTED 2010-12-20 15:18:22
Well I had found this solution before but it didn't work, this was because I was still using actual XMLHttpRequest though. When creating it using this statement:
httpreq = new ActiveXObject("Msxml2.ServerXMLHTTP.3.0");
There is a method called setOption that is opened up for use:
httpreq.setOption(2, 13056);
With those parameters, the request now ignores the invalid certificate and grabs the information anyway. If I understand correctly this won't work with any non-Microsoft technology trying to run the script, but that's ok for the scope of my project.
solution2
5 2010-12-21 09:31:00
I know the device is to be trusted
Yes but you don't know whether you are really connected to the device.
That is the purpose of the certificate. That's why it has to be valid.
solution3
4 2010-12-20 15:02:19
No, there isn't. XMLHTTPRequest doesn't allow you to override that. Being able to override SSL security might make sense in your case, but if you think about it, it would be a bad idea in general. You'd never want to allow arbitrary javascript code on the internet to connect to a supposedly secure service that the js host (the browser) knows has a possible MITM issue.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.