Solved

certificate error

Posted on 2009-05-08
Last Modified: 2012-05-06
I have an sbs 2008 server, and I am trying to add a certificate I got from a trusted provider. When I attempt to add the certificate I get an error (see screenshot). Initially when I got the certificate, I went thru the sbs management console, and clicked add a trusted certificate and chose the one for my domain, and it took it fine. Apparently I needed to add other types of certificate as well (they all came in a zip file from the vendor). The vendor tech rep walked me thru some steps to add the certificates via MMC, and all went well. So I accessed my site externally, and still got the "this site does not have a trusted certificate" error. He said I might need to reboot the server for the certificates to take effect. Then he figured we might need to add the certificate thru IIS, which brought me to the current situation I am now in with the error. When the error first happened, the tech thought it might be because the server is looking for .cer files, and theirs come as .crt. So, he had me change the extension to .cer hoping the error would go away, it did not. HELP!!!
cert-error.jpg
0
Comment
Question by:xzay1967
7 Comments
 
LVL 1

Accepted Solution

by:yourbts
yourbts earned 900 total points
ID: 24339818
This exact issue seems to have been blogged about at Vijayshinva Karnure's site:

http://blogs.msdn.com/vijaysk/archive/2008/11/25/certenroll-cx509enrollment-p-installresponse-asn1-bad-tag-value-met-0x8009310b.aspx

I hope this helps!
0
 

Author Comment

by:xzay1967
ID: 24339925
I did that but I still get the not trusted certificate error from an external web browser. I went ahead and generated a new request to the provider (Netsol).
0
 
LVL 1

Assisted Solution

by:yourbts
yourbts earned 900 total points
ID: 24340005
I tried to offer you a quick fix with the above link.

Your method should work as well as it's what Verisign recommends (and should work with other providers as well):

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=S:SO8467&actp=search&searchid=1219125132143
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 300 total points
ID: 24340088
Check Certificates MMC and see if the cert is in there somewhere, if it is then click-drag to the Personal store if it is not there already.  If not showing up, then install the certificate here to the Personal store and do above.

Double click the cert to view its properties - on the default tab look near the bottom to see if it has a little key icon and message saying you have the private key - if you do then you should be ok otherwise reissue the cert (vendor should do for free within first 2-4 weeks normally).  Assuming that you do not have the private key associated, you can do the following to try to recover it.

Details tab - find the thumbprint field or the serial number field and copy that (need to Ctrl+C since r-click doesn't work here).

Open up a command box and run this:
certutil -repairstore my %"paste thumbprint here"%

Go back to IIS and try installing the cert file now.
0
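The check-and-repair steps from the answer above, scripted in PowerShell as an added example (not part of the original post or any vendor's tooling). The thumbprint value is a placeholder, and the repair can only succeed if the key pair created with the CSR still exists on this server.

```powershell
# Added example: audit the Local Computer "Personal" (My) store for certificates
# that have no private key associated, then repair a chosen one with certutil.
# Run from an elevated PowerShell prompt on the server.

$store = 'Cert:\LocalMachine\My'

# Show the same fields the certificate properties dialog exposes.
$certs = Get-ChildItem -Path $store |
    Select-Object Subject, Issuer, NotAfter, Thumbprint, HasPrivateKey
$certs | Format-List

# Placeholder (assumption): paste the thumbprint of the certificate to repair.
$pasted = '<PASTE-THUMBPRINT-HERE>'

# Text copied from the Details tab contains spaces and can carry an invisible
# leading character, so keep only the hex digits before comparing.
$thumbprint = ($pasted -replace '[^0-9A-Fa-f]', '').ToUpper()

$target = $certs | Where-Object { $_.Thumbprint -eq $thumbprint }

if (-not $target) {
    Write-Warning "No certificate with thumbprint '$thumbprint' in $store. Install the issued certificate into the Personal store first."
}
elseif ($target.HasPrivateKey) {
    Write-Output "Private key is already associated with $($target.Subject)."
}
else {
    # Same command as in the answer: re-link the certificate to the key pair
    # that was generated on this machine when the CSR was created.
    certutil -repairstore my $thumbprint

    # Re-read the store to confirm the association now exists.
    $repaired = Get-Item -Path (Join-Path $store $thumbprint)
    if ($repaired.HasPrivateKey) {
        Write-Output "Repair succeeded: private key is now associated."
    }
    else {
        Write-Warning "Repair did not restore the key. The key pair is not on this server; generate a new CSR and have the certificate reissued."
    }
}
```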
 

Author Comment

by:xzay1967
ID: 24340290
When I open MMC, the current user option is not there, only local computer. The certificates are in the personal>certificates folder under local computer. In the screenshot, the circled cert is the one I want to use. I used the certutil and did the repairstore option, and it ran successfully, then I went back to IIS, to try and do a complete request task, and got the same error again. I ignored the bad tag error, and went back to IIS> bindings, and added HTTPS to the bindings, that worked fine. I think this issue occurred due to two reasons:
1. Netsol certs have a crt extension, and SBS 2008 looks for .cer
2. I used the SBS console manager to add the trusted certificate instead of using IIS initially. Am I wrong in my deduction?
cert.jpg
0
 
LVL 5

Assisted Solution

by:DTAHARLEV
DTAHARLEV earned 300 total points
ID: 24342272
Are all the names spelled exactly the same? (friendly name etc)
0
 

Author Comment

by:xzay1967
ID: 24358350
Yes, the names are spelled correctly. I went ahead and had the certificate revalidated, and it was re-issued to me. Basically I went ahead and did a new csr from the server. What is the best way to apply the new certificate? When certificates come from Netsol, they send a zip file that consists of some different types of certificates (see screen shot). I know sbs 2008 is different than traditional server OS. When certs are added using the add a trusted certificate wizard (sbs management console), what exactly does it do? Does it apply the cert to the sites in IIS as well? How do I add all these certs to my sbs 2008 server? Thanks for all you guys' help. Also, do I need to delete or remove the other certs I got from them before applying these new ones? How do I do that?
my-certs.jpg
0
