Solved

certificate error

Posted on 2009-05-08
Last Modified: 2012-05-06
I have an SBS 2008 server, and I am trying to add a certificate I got from a trusted provider. When I attempt to add the certificate I get an error (see screenshot). Initially when I got the certificate, I went thru the SBS management console, and clicked add a trusted certificate and chose the one for my domain, and it took it fine. Apparently I needed to add other types of certificate as well (they all came in a zip file from the vendor). The vendor tech rep walked me thru some steps to add the certificates via MMC, and all went well. So I accessed my site externally, and still got the "this site does not have a trusted certificate" error. He said I might need to reboot the server for the certificates to take effect. Then he figured we might need to add the certificate thru IIS, which brought me to the current situation I am now in with the error. When the error first happened, the tech thought it might be because the server is looking for .cer files, and theirs come as .crt. So, he had me change the extension to .cer hoping the error would go away; it did not. HELP!!!
cert-error.jpg
0
Comment
Question by:xzay1967
7 Comments
 
LVL 1

Accepted Solution

by:
yourbts earned 300 total points
ID: 24339818
This exact issue seems to have been blogged about at Vijayshinva Karnure's site:

http://blogs.msdn.com/vijaysk/archive/2008/11/25/certenroll-cx509enrollment-p-installresponse-asn1-bad-tag-value-met-0x8009310b.aspx

I hope this helps!
0
 

Author Comment

by:xzay1967
ID: 24339925
I did that but I still get the not trusted certificate error from an external web browser. I went ahead and generated a new request to the provider (Netsol).
0
 
LVL 1

Assisted Solution

by:yourbts
yourbts earned 300 total points
ID: 24340005
I tried to offer you a quick fix with the above link.

Your method should work as well as it's what Verisign recommends (and should work with other providers as well):

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=S:SO8467&actp=search&searchid=1219125132143
0

 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 100 total points
ID: 24340088
Check Certificates MMC and see if the cert is in there somewhere, if it is then click-drag to the Personal store if it is not there already.  If not showing up, then install the certificate here to the Personal store and do above.

Double click the cert to view its properties - on the default tab look near the bottom to see if it has a little key icon and message saying you have the private key - if you do then you should be ok otherwise reissue the cert (vendor should do for free within first 2-4 weeks normally).  Assuming that you do not have the private key associated, you can do the following to try to recover it.

Details tab - find the thumbprint field or the serial number field and copy that (need to ctl+c since r-click doesn't work here).

Open up a command box and run this:
certutil -repairstore my "paste thumbprint here"

Go back to IIS and try installing the cert file now.
0
 

Author Comment

by:xzay1967
ID: 24340290
When I open MMC, the current user option is not there, only local computer. The certificates are in the personal>certificates folder under local computer. In the screenshot, the circled cert is the one I want to use. I used the certutil and did the repairstore option, and it ran successfully, then I went back to IIS, to try and do a complete request task, and got the same error again. I ignored the bad tag error, and went back to IIS> bindings, and added HTTPS to the bindings, that worked fine. I think this issue occurred due to two reasons:
1. Netsol certs have a crt extension, and SBS 2008 looks for .cer
2. I used the SBS console manager to add the trusted certificate instead of using IIS initially. Am I wrong in my deduction?
cert.jpg
0
 
LVL 5

Assisted Solution

by:DTAHARLEV
DTAHARLEV earned 100 total points
ID: 24342272
Are all the names spelled exactly the same? (friendly name etc)
0
 

Author Comment

by:xzay1967
ID: 24358350
Yes, the names are spelled correctly. I went ahead and had the certificate revalidated, and it was re-issued to me. Basically I went ahead and did a new CSR from the server. What is the best way to apply the new certificate? When certificates come from Netsol, they send a zip file that consists of some different types of certificates (see screenshot). I know SBS 2008 is different than traditional server OS. When certs are added using the add a trusted certificate wizard (SBS management console), what exactly does it do? Does it apply the cert to the sites in IIS as well? How do I add all these certs to my SBS 2008 server? Thanks for all you guys help. Also, do I need to delete or remove the other certs I got from them before applying these new ones? How do I do that?
my-certs.jpg
0
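
One way to check the points raised in this thread (which file in the vendor zip is the server certificate, where each file belongs, and whether the copy in the Personal store has its private key), as an added PowerShell example that is not from any poster. The folder `C:\certs\bundle` is an assumed location for the unzipped files.

```powershell
# Added example: classify each certificate file from the vendor zip and check
# whether the server certificate in Local Computer\Personal has a private key.
# $BundleDir is an assumed location for the unzipped files.
param([string]$BundleDir = 'C:\certs\bundle')

# Thumbprint -> HasPrivateKey for everything in the computer's Personal store
$inStore = @{}
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object { $inStore[$_.Thumbprint] = $_.HasPrivateKey }

Get-ChildItem -Path $BundleDir |
  Where-Object { $_.Extension -match '^\.(crt|cer)$' } |
  ForEach-Object {
    $file = $_
    try {
        # The loader accepts DER or Base64 content; .crt vs .cer makes no difference
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
    } catch {
        Write-Warning "$($file.Name): could not be parsed as a certificate"
        return   # skip to the next file
    }

    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    $isCA = [bool]($bc -and $bc.CertificateAuthority)

    if ($cert.Subject -eq $cert.Issuer) { $role = 'Root CA';         $store = 'Trusted Root Certification Authorities' }
    elseif ($isCA)                      { $role = 'Intermediate CA'; $store = 'Intermediate Certification Authorities' }
    else                                { $role = 'Server cert';     $store = 'Personal' }

    # Only the server certificate needs a private key (created with the CSR)
    $key = 'n/a'
    if ($role -eq 'Server cert') {
        if ($inStore.ContainsKey($cert.Thumbprint)) { $key = $inStore[$cert.Thumbprint] }
        else { $key = 'not in Personal store' }
    }

    New-Object PSObject -Property @{
        File = $file.Name; Role = $role; TargetStore = $store
        Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter; HasPrivateKey = $key
    }
  } | Format-Table File, Role, TargetStore, HasPrivateKey, NotAfter, Thumbprint -AutoSize
```

A server certificate that shows `False` or `not in Personal store` in the HasPrivateKey column has no matching key on this machine, which is the situation the private-key check above describes.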
