From: "Johan Delimon" <Johan on
Hello,

I have created an ASP page that requests special V2.0 Certificates for a user.
This is to use with our VPN solution.

My code errors on this line:
requeststr = CertEnroll.createRequest(XECR_CMC,dn, "")

This ASP page/Application has anonymous disabled and has Basic
Authentication Configured with SSL.

When I run this ASP page from any browser it gives me an '80070002' error.
The strange thing is that as soon as I log on to the web server via a Terminal
Services session, using the same user account that is logged in to the web page,
the page runs fine (I am still running IE on the workstation, not on the server;
I simply repeat the same task on the client).
So I checked some things, and the requesting users do have the rights to log on
locally and to log on with Terminal Services.

This has me puzzled and I don't know what to do.
It seems that the createRequest function needs something in the user's
profile, or in the Temp directory? Even with an enterprise admin account I get
the same error.

Does anyone know how to solve this?

Some searching on the internet found the thread below, but it gives no
workaround or solution!
My error is similar to this one:
http://groups.google.be/group/microsoft.public.platformsdk.security/browse_thread/thread/1eea14fd21cba198/c81d12a78d980f86?lnk=st&q=CEnroll.CEnroll+0x80070002&rnum=1&hl=nl#c81d12a78d980f86


Full Function is below

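' CreateCert: enrolls a certificate for the subject "dn" through CEnroll and the
' CA named by CAConfig, records its serial number and expiry via SetSerialInAd /
' SetExpirationInAd, exports certificate + private key to
' CertificatesPath & displ & ".pfx" and writes a download link to the response.
'
'   dn    - subject distinguished name passed to createRequest and to the AD helpers
'   displ - name used for the PFX file name and shown on the page
'
' Reads CertificateTemplate, CAConfig, CertificatesPath and PfxPassword, which are
' defined outside this sub.
'
' The statements below were broken across lines by mail wrapping in the posted
' listing (commented-out calls spilled onto live lines); they are rejoined here.
sub CreateCert(dn,displ)
    Const AT_KEYEXCHANGE = 1
    Const XECR_PKCS10_V2_0 = 1
    Const XECR_CMC = 3
    Const CR_IN_ENCODEANY = &HFF
    Const CR_IN_FORMATANY = &H0
    Const CR_DISP_ISSUED = &H3
    Const FR_PROP_FULLRESPONSE = &H1
    Const FR_PROP_ISSUEDCERTIFICATE = &H11
    Const CR_OUT_BASE64 = &H1
    Const PROPTYPE_BINARY = &H3

    ' displ ends up in a file path and in HTML. Refuse anything that could change
    ' the target directory or is not a legal file-name character, and do it before
    ' a certificate is requested so that no certificate is issued for a bad name.
    ' NOTE(review): GenerateError is otherwise called with a status code; confirm
    ' it renders free text as well.
    Dim forbidden, pos
    forbidden = "\/:*?""<>|"
    If Len(displ & "") = 0 Then
        GenerateError "Invalid certificate file name"
        Exit Sub
    End If
    For pos = 1 To Len(forbidden)
        If InStr(displ, Mid(forbidden, pos, 1)) > 0 Then
            GenerateError "Invalid certificate file name"
            Exit Sub
        End If
    Next

    Set CertEnroll = Server.CreateObject("CEnroll.CEnroll")
    CertEnroll.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"
    CertEnroll.KeySpec = AT_KEYEXCHANGE
    ' Upper 16 bits = key length in bits (1024), low bit = exportable key, which
    ' the PFX export below depends on.
    ' NOTE(review): 1024-bit RSA is below current minimum recommendations; use
    ' 2048 or more if the CA template and the VPN client accept it.
    CertEnroll.GenKeyFlags = 1024 * (256 *256) +1
    CertEnroll.addCertTypeToRequest(CertificateTemplate)

    Set CertRequest = Server.CreateObject("CertificateAuthority.Request")

    'Response.Write "<br>" & dn
    'requeststr = CertEnroll.createRequest(XECR_CMC,dn,"1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4")

    ' This is the call reported to fail with 80070002 (Win32 "file not found")
    ' unless the same account also has a Terminal Services session on the server.
    ' NOTE(review): that is consistent with key generation needing the
    ' authenticated user's profile, which is not loaded for a request that only
    ' impersonates the user - confirm. Options to investigate are loading the
    ' profile or generating the key in the machine key set.
    requeststr = CertEnroll.createRequest(XECR_CMC,dn, "")
    'Response.Write "<br>" & err.Description & " : " & err.number & " : " & err.Source
    'Response.Write "<br>" & dn
    'WScript.Echo requeststr

    disposition = CertRequest.Submit(CR_IN_ENCODEANY Or CR_IN_FORMATANY, requeststr, "", CAConfig)

    ID = CertRequest.GetRequestId()
    'WScript.Echo ID

    If disposition = CR_DISP_ISSUED Then
        Dim Cert
        ' Install the full CA response so the issued certificate is bound to the
        ' private key generated above.
        Cert = CertRequest.GetFullResponseProperty(FR_PROP_FULLRESPONSE,0,PROPTYPE_BINARY, CR_OUT_BASE64)
        CertEnroll.acceptResponse Cert
        Cert = CertRequest.GetCertificate(CR_OUT_BASE64)
        'Response.Write Cert
        set certif = Server.CreateObject("CAPICOM.Certificate")
        certif.import Cert
        'Response.Write "<br>Valid To : " & certif.ValidToDate
        SetSerialInAd dn,certif.SerialNumber
        SetExpirationInAd dn,Cstr(certif.ValidToDate)

        Dim filename
        filename = CertificatesPath & displ & ".pfx"

        Dim fso
        Set fso = CreateObject("Scripting.FileSystemObject")
        If (fso.FileExists(filename)) Then
            fso.DeleteFile filename,true
        End If

        ' The PFX holds the certificate AND its private key, protected only by
        ' PfxPassword, and the page links to it at a predictable URL.
        ' NOTE(review): restrict the pfx/ folder to the certificate's owner, avoid
        ' a password shared between users, and delete the file once it has been
        ' downloaded - none of that is visible in this sub.
        CertEnroll.createFilePFX PfxPassword,filename

        ' displ is HTML-encoded before it is written out, and the href uses double
        ' quotes because Server.HTMLEncode escapes " but not '.
        Dim safeName
        safeName = Server.HTMLEncode(displ)
        response.Write "<div class='Box'>"
        Response.Write GenerateTableLine ("GoLtrHS.gif","Certificate was created Successfully!")
        Response.Write "<br><br>" & GenerateTableLine ("infoBubble.gif","User : " & safeName)
        Response.Write GenerateTableLine ("infoBubble.gif","<a href=""pfx/" & safeName & ".pfx"">Download Certificate File</a>")
    Else
        GenerateError CStr(CertRequest.GetLastStatus())
    End if
end sub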