Sample code for 30+ languages & platforms
Classic ASP

HTTPS Server Certificate Require Hostname Match

See more HTTP Examples

Demonstrates and explains the RequireHostnameMatch property.

Chilkat Classic ASP Downloads

Classic ASP
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<%
' The RequireHostnameMatch property was added in Chilkat v11.0.0
' to ensure the URL's hostname matches at least one of the server certificate SAN's (Subject Alternative Names)
' 
' In actuality, it is the SNI hostname that must match.  If the SNI hostname is not explicitly set,
' then Chilkat uses the hostname from the URL as the SNI hostname.

' Here's an example using chilkatsoft.com
' The SSL server certificate for chilkatsoft.com has 2 Subject Alternative Names:
' 
' 1) DNS Name: *.chilkatsoft.com
' 2) DNS Name: chilkatsoft.com
' 
' See Explaining the SNI Hostname in TLS

set http = Server.CreateObject("Chilkat.Http")

http.RequireHostnameMatch = 1

' This should succeed because "www.chilkatsoft.com" matches the SAN entry "*.chilkatsoft.com"
html = http.QuickGetStr("https://www.chilkatsoft.com/helloWorld.html")
Response.Write "<pre>" & Server.HTMLEncode( "1) Succeeded: " & http.LastMethodSuccess) & "</pre>"

' At the time of writing this example, the IP address for chilkatsoft.com is 3.101.18.47
' If we send the request using the IP address, it will fail because the IP address is does 
' not match any of the SAN entries in the server certificate.
html = http.QuickGetStr("https://3.101.18.47/helloWorld.html")
Response.Write "<pre>" & Server.HTMLEncode( "2) Succeeded: " & http.LastMethodSuccess) & "</pre>"

' However, it will succeed if we explicitly set the SNI hostname.
http.SniHostname = "www.chilkatsoft.com"
html = http.QuickGetStr("https://3.101.18.47/helloWorld.html")
Response.Write "<pre>" & Server.HTMLEncode( "3) Succeeded: " & http.LastMethodSuccess) & "</pre>"

' Remove our explicit SNI hostname.
http.SniHostname = ""

' Now let's try wrong.host.badssl.com
' The SSL server certificate for badssl.com has 2 Subject Alternative Names:
' 
' 1) DNS Name: *.badssl.com
' 2) DNS Name: badssl.com

' The domain wrong.host.badssl.com will fail the RequireHostnameMatch because
' the wildcarded domain SAN entry only extends 1 level deep.  
html = http.QuickGetStr("https://wrong.host.badssl.com/")
Response.Write "<pre>" & Server.HTMLEncode( "4) Succeeded: " & http.LastMethodSuccess) & "</pre>"

' The expected output is:
' 1) Succeeded: True
' 2) Succeeded: False
' 3) Succeeded: True
' 4) Succeeded: False

%>
</body>
</html>