Due to the nature of our system, we need to dynamically import certificate
files into windows certificates store and access the certificate store from
ASP pages, these ASP pages call a VB dll component, which uses the CAPICOM
component to manipulate windows certficate store.
Because ASP is running under IWAM account, we got "Access is denied" error
when trying to import the certificate files. We registered the VB
components under COM+ to get around this security problem. However,
recently we are experiencing all sorts of problems with COM+ ( eg.
DLLHost.exe hang with 100% CPU after heavy traffic, ActiveX component can
not be created out of sudden), we decided to move this VB component out of
COM+, which means we are facing the same old "Access is denied" problem
I did some search in the newsgroups, somebody suggested to log on under IWAM
account to enable ASP import certificates, however, because our machine is
the server, this is not a prefered option.
Also, there is a tool provided by microsoft called "winhttpcertcfg.exe",
which can import certficates into the certifcate store and allow IWAM
account to access them. At this stage, I am thinking to use shell command
to call this exe from VB program, however, I am not quite comfortable with
Can anybody give me some sugguestion or let me know if I am on the right
Thanks in advance.