Windows 7 & 10 Could not perform WinHttp operation. Error: (12175)

Sorin_Meleanca · July 14, 2022, 11:55am

Hi,

I receive this error:
Could not perform WinHttp operation.
Error: (12175) Error in Server SSL Certificate Expired certificate

One week ago, on a Windows 7 PC, I received the error described in this post:
WinHttpClientException

I resolved that problem using the fix presented in this post:
Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows

Now the error is very appropriate to the previous error but I receive the message: Server SSL Certificate Expired certificate. I receive this error on a Windows 10 PC, too.

The Rest server is a public server and it can be used by other apps.

wlandgraf · July 14, 2022, 2:46pm

Well, there isn't much more that can be done, it says the server certificate is expired. Unless something really weird is going on, the server certificate is expired and has to be renewed.

Sorin_Meleanca · July 15, 2022, 8:47am

I don't understand. What certificate? The public server is maintained by a public authority from the health domain and is accessed daily by a lot of other apps. My app is just a client that wants to read info from that public server. I don't use any certificate and for sure I can access the public server from a web platform like "postman.com" where I test some Rest/API endpoints. Also, I have installed on a win10 computer another app that can access the server without problems. With our app (Delphi/TMS) we still receive this error

wlandgraf · July 16, 2022, 11:13pm

Yes, the server certificate. Can you please provide more details? A way to reproduce the issue? What you are doing in postman?

Sorin_Meleanca · July 18, 2022, 6:54am

Can you please provide more details?
My methods:

procedure TdmRENV.DataModuleDestroy(Sender: TObject);
begin
FClient.Free;
end;

procedure TdmRENV.DataModuleCreate(Sender: TObject);
begin
FClient := THTTPClient.Create;
end;

function TdmRENV.DoRequest(HttpMethod: THttpMethod; EndPoint: string; var
ReqHeaders: TReqHeaders; BodyContent: string; HttpContentType:
THttpContentType = application_json; HttpBodyType: THttpBodyType = StringBody): string;
var
Resp: THttpResponse;
Req: THttpRequest;
ReqHeader: TReqHeader;
I: integer;
HeaderName, HeaderValue: string;
const
RENVUri = '...';
begin
Resp := nil;
Req := FClient.CreateRequest;
try
// set uri
Req.Uri := RENVUri + EndPoint;

// set request method

...

// set custom headers, if any

...

// set content body, if available.

...

// set content type

...

// perform request
Resp := FClient.Send(Req);

if Resp.StatusCode <> 200 then
  raise Exception.Create(Format('%d %s', [Resp.StatusCode, Resp.StatusReason]))
else if IsTextResponse(Resp.ContentType) then
  Result := TEncoding.Default.GetString(Resp.ContentAsBytes)
else
  Result := FillBinaryBody(Resp.ContentAsBytes);

finally
Req.Free;
Resp.Free;
end;
end;

A way to reproduce the issue?
Unfortunately, the public server needs authorisation (with a private user and password) and use geolocation filters

What you are doing in postman?
I test some scenarios like:

log in (with user and password) and read the Bearer token
get all catalogus
register some persons
register some info about a person
read info about a person
and so one
I use both versions of the postman: the web edition and the desktop. In this particular case (the production server), I use the desktop version (windows 10) because there are some geolocation filters. On the same computer, I installed our Delphi/TMS app and I receive the Error: (12175) Error in Server SSL Certificate Expired certificate!

Sorin_Meleanca · July 18, 2022, 9:07am

Now, I have the confirmation that the server certificate has expired!
Anyway, other apps continue to work, with a small warning if any. Can I change some configuration in my Delphi/TMS app to continue to work even with an expired certificate?

wlandgraf · July 18, 2022, 10:49pm

You can use this approach to ignore the expired certificate: Http Client | TMS Sparkle documentation

But that's not good practice, of course. That defeats the whole purpose of using certificates. The server should simply update the certificate, and every client that uses the server should reject requests to the server until then.

Sorin_Meleanca · July 19, 2022, 6:21am

Thank you!
The situation was clarified.
The production server has a valid certificate and the test server's certificate will be updated soon. My app is still connected to the test server (isn't a version for production) and that was the reason why my app wasn't able to connect to the (test) server and other apps were able to connect to the (production) server.

system · July 19, 2022, 12:26pm

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.