Solved

Can't install new SSL certificate: ASN1 bad tag value met

Posted on 2009-05-05
4
2,487 Views
Last Modified: 2012-05-06
Error message :CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b

I missed out autodiscover.my-domain.com from my new SSL certificate, but the company i bought it from allowed by to add this and sent me the updated cert.  Now, when I try to install it I get the above error, any ideas?

Installing on IIS7 on an Exchange 2007 server.
0
Comment
Question by:-Juddy-
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 65

Expert Comment

by:Mestha
ID: 24309547
You need to issue a new certificate request on the server, as there is now a mismatch.

Simon.
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 24312424
So if I create a new CSR matching the new cert (with the added alternative name) I will be able to add the new cert?
0
 
LVL 3

Author Comment

by:-Juddy-
ID: 24312611
Ok, so I created a new certificate request on the Exchnage Server matching EXACTLY what is on the updated, re-issued certificate.  When I try to 'Complete Certificate request'  I get the exact same error.
0
 
LVL 3

Accepted Solution

by:
-Juddy- earned 0 total points
ID: 24312818
FIXED!!

This worked for me:

Begin by importing the .crt file into the Personal certificate store for the local computer.  (Start button > Run:  MMC > File Menu > Add/Remove Snap-in > highlight Certificates snap-in and click the ADD button > select Computer Account and click Finish >  Click OK > drill into Personal > Certificates >  right-click and select All Tasks > select Import > guide to the .crt file.)  At this point your certificate is basically a half-certificate.  It is still missing its private key.
 
Second, double-click the crt certificate file you just imported, select the Details tab, scroll all the way down to Thumbprint and highlight Thumbprint.  In the lower pane, block and copy all the letters of the thumbprint.  Paste the thumbprint characters into notepad.  Open the command prompt and run this command: Certutil /?

The command youll want to run is:
 
certutil -repairstore my "insert all of the thumbprint characters here"

 When you see the response: CertUtil: -repairstore command completed successfully you should have a private key associated with the .crt file in the personal store. There should no longer be any need to run through the Complete Certificate Request& wizard.  The certificate should show up in the IIS Managers list of server certificates at this point.  It should also be available in the SSL Certificates drop-down list when attempting to edit the https binding for a website.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question