We have noticed an issue of CreateObject call failure after installing MS07-045 IE update. This issues goes away if you uninstall the patch.  As per the information available it's happening only when .NET managed component (using interop) is called from an ASP page.

Error shown in the browser looks like below

Server object error 'ASP 0177 : 8000ffff'
Server.CreateObject Failed
/hellocom.asp, line 2
8000ffff

Repro steps given below

• Install MS07-045 security patch
• Create a .NET managed component (helloworld.dll)
• Make it COM visible and register it using "regasm helloworld.dll /codebase"
• Create an ASP page (inside your website folder) which calls this component using CreateObject (hellocom.asp)
• The page fails with the error mentioned above

For repro and testing I'm attaching following repro files

• helloworld.dll (managed component)
• hellocom.asp (which uses the above component using CreateObject call)

Code inside helloworld.dll

using System;
using System.Collections.Generic;
using System.Text;

public class HelloWorldClass
{
    public HelloWorldClass()
    {}

    public String SayHello()
    {
     return "Hello World";
    }
}

Code inside hellocom.asp

In my repro I get access denied for these registry keys for IUSR account

Till an official update is available on this issue, please run regmon and fix the permission issues shown in the logs. Please give permission to only the user account shown in regmon logs and not for everyone group since it would increase security risk.

For testing if the permission requirement is only for IUSR account, add IUSR account to administrators group and test. In my case it works and confirms that it's missing permission only for IUSR. This step is for only for testing and needs to be reverted immediately.

Uninstalling this patch is not recommended since it's a security update.

Although the title says webserver certificates the script is not limited to webserver certificates only.

This script is useful for admins to check expiry dates of server certificates and be prepared to renew or change them. In case if you have ideas of using this in your server environment and you need help in tweaking this script do let me know.

Please copy & paste script below into a file called "CertExpiryCheck.vbs" and run the script from command line like

C:\> cscript certexpirycheck.vbs [SubjectName]

C:\> cscript certexpirycheck.vbs sukak

* here "sukak" is subject name which usually would be your domain name (FQDN)
* Issued by also shows "sukak" in my case since the test was done using self issued certificate created using selfSSL.exe

'**************************************************
'* CertExpiryCheck.vbs
'* Enumerate certificates with day left for expiry 
'**************************************************

Option Explicit
Dim SubjectName
If WScript.Arguments.Count > 0 Then
    SubjectName = LCase(WScript.Arguments(0))
Else
    CommandUsage
End If

Dim Store, Certificates, Certificate
Const CAPICOM_LOCAL_MACHINE_STORE = 1
Const CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME = 1        
Const CAPICOM_STORE_OPEN_READ_ONLY = 0

Set Store = CreateObject("CAPICOM.Store")
Store.Open CAPICOM_LOCAL_MACHINE_STORE, "MY" ,CAPICOM_STORE_OPEN_READ_ONLY
Set Certificates = Store.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME, SubjectName, 0)

If Certificates.Count >0 Then
   For Each Certificate in Certificates
    'Certificate.display()    'If you want to see the Cert in UI
    WScript.Echo "*** Subject " & Certificate.SubjectName & " ***"
    WScript.Echo "Issued by " & Certificate.IssuerName 
    WScript.Echo "Valid from " & Certificate.ValidFromDate & " to " & Certificate.ValidToDate 
    WScript.Echo "Days to expiry " & DateDiff("d",now(),Certificate.ValidToDate)
    WScript.Echo 
   Next
 Else
  WScript.Echo "No certificates with SubjectName => '" & SubjectName & "'"
End If

Set Certificates = Nothing
Set Store = Nothing

Sub CommandUsage
  MsgBox "Usage: CertExpiryCheck.vbs  [SubjectName] ", vbInformation,"CertExpiryCheck"
  WScript.Quit(1)
End Sub

Just keep in mind you need capicom.dll to use this script. This comes default on Windows 2003 (I guess) but might need to be downloaded and registered on other platforms like Vista. Use regsvr32 capicom.dll to register it first before using the script.

I had written a sample to redirect all http traffic to https (secure) in September 2006 http://blogs.msdn.com/sukeshak/archive/2006/09/03/http2https.aspx

In one of our internal discussion alias the question came up that this method does not work when SSL is forced on the website. Step 5 below handles that scenario by checking the "403.4 SSL required" response and handling it during OnEndRequest event.

So let us get into action (I'm using C# for this sample)

1. Download and Install IIS7 Managed Module Starter Kit
   (Not really a requirement but it would make developing IIS7 modules easier)
2. Rename the default class name created to "redir.cs" and rename project/solution/namespace to "http2https"
3. Add the following code in "Init" method
   

   // register for the BeginRequest event
   application.BeginRequest += new EventHandler(OnBeginRequest); 
   application.EndRequest += new EventHandler(OnEndRequest);

4. Add the following method to implement "BeginRequest" event
   

   //BeginRequest implementation
   public void OnBeginRequest(Object sender, EventArgs e)
   {
   HttpApplication app = (HttpApplication)sender;
   string HttpUrl = app.Request.Url.ToString(); 
   
      if (HttpUrl.StartsWith("http:"))                           //Redirection done only if URL starts with http:
      {
      HttpUrl = HttpUrl.Replace("http:", "https:");
      app.Response.Redirect(HttpUrl.ToString(), true);           //Redirecting (http 302) to the same URL but with https
      app.Response.End();                                        //We don't want to go any further so end
      }
   } 
   

5. Add the following method to implement "OnEndRequest" event

   //This is for scenario where SSL is forced on the site
   public void OnEndRequest(Object sender, EventArgs e)
   {
     HttpApplication app = (HttpApplication)sender;
     if (app.Response.StatusCode == 403 && app.Response.SubStatusCode == 4)
     { 
       string HttpUrl = app.Request.Url.ToString();
   
       if (HttpUrl.StartsWith("http:"))
       {
           HttpUrl = HttpUrl.Replace("http:", "https:");
           app.Response.Redirect(HttpUrl.ToString(), true);
           app.Response.End();
       }
   }
   
   

   
   
6. Make sure you have the following in your web.config inside configuration tag
   

   <system.webServer>
   <modules>
      <add name="redir" type="http2https.redir" />
   </modules>
   </system.webServer> 
   

Your http to https redirection sample is ready and also works if you force SSL!!!

How to deploy the HttpModule
There are multiple ways you can deploy this component (I'm assuming that it's being deployed for "default website")

Method 1
Create a folder called "App_Code" inside "%systemdrive%\inetpub\wwwroot"
Copy "redir.cs" file into "App_Code" folder
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

Method 2
Create a folder called "bin" inside "%systemdrive%\inetpub\wwwroot"
Compile "redir.cs" into "redir.dll" and copy it into "bin" folder (to compile -> csc.exe /out:redir.dll /target:library redir.cs)
Copy "web.config" file inside "%systemdrive%\inetpub\wwwroot"

If you open IIS7 UI and go to Modules you can see your HttpModule listed there.

Source code http://www.awesomeideas.net/page/IIS7-http2https.aspx