Solved

Can't install new SSL certificate: ASN1 bad tag value met

Posted on 2009-05-05
4
2,480 Views
Last Modified: 2012-05-06
Error message :CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b

I missed out autodiscover.my-domain.com from my new SSL certificate, but the company i bought it from allowed by to add this and sent me the updated cert.  Now, when I try to install it I get the above error, any ideas?

Installing on IIS7 on an Exchange 2007 server.
0
Comment
Question by:-Juddy-
  • 3
4 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24309547
You need to issue a new certificate request on the server, as there is now a mismatch.

Simon.
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 24312424
So if I create a new CSR matching the new cert (with the added alternative name) I will be able to add the new cert?
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 24312611
Ok, so I created a new certificate request on the Exchnage Server matching EXACTLY what is on the updated, re-issued certificate.  When I try to 'Complete Certificate request'  I get the exact same error.
0
 
LVL 3

Accepted Solution

by:
-Juddy- earned 0 total points
ID: 24312818
FIXED!!

This worked for me:

Begin by importing the .crt file into the Personal certificate store for the local computer.  (Start button > Run:  MMC > File Menu > Add/Remove Snap-in > highlight Certificates snap-in and click the ADD button > select Computer Account and click Finish >  Click OK > drill into Personal > Certificates >  right-click and select All Tasks > select Import > guide to the .crt file.)  At this point your certificate is basically a half-certificate.  It is still missing its private key.
 
Second, double-click the crt certificate file you just imported, select the Details tab, scroll all the way down to Thumbprint and highlight Thumbprint.  In the lower pane, block and copy all the letters of the thumbprint.  Paste the thumbprint characters into notepad.  Open the command prompt and run this command: Certutil /?

The command youll want to run is:
 
certutil -repairstore my "insert all of the thumbprint characters here"

 When you see the response: CertUtil: -repairstore command completed successfully you should have a private key associated with the .crt file in the personal store. There should no longer be any need to run through the Complete Certificate Request& wizard.  The certificate should show up in the IIS Managers list of server certificates at this point.  It should also be available in the SSL Certificates drop-down list when attempting to edit the https binding for a website.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now