Solved

certificate error

Posted on 2009-05-08
Last Modified: 2012-05-06
I have an SBS 2008 server, and I am trying to add a certificate I got from a trusted provider. When I attempt to add the certificate I get an error (see screenshot). Initially when I got the certificate, I went through the SBS management console, and clicked add a trusted certificate and chose the one for my domain, and it took it fine. Apparently I needed to add other types of certificate as well (they all came in a zip file from the vendor). The vendor tech rep walked me through some steps to add the certificates via MMC, and all went well. So I accessed my site externally, and still got the "this site does not have a trusted certificate" error. He said I might need to reboot the server for the certificates to take effect. Then he figured we might need to add the certificate through IIS, which brought me to the current situation I am now in with the error. When the error first happened, the tech thought it might be because the server is looking for .cer files, and theirs come as .crt. So, he had me change the extension to .cer hoping the error would go away; it did not. HELP!!!
cert-error.jpg
Question by:xzay1967
7 Comments
 
LVL 1

Accepted Solution

by:
yourbts earned 300 total points
ID: 24339818
This exact issue seems to have been blogged about at Vijayshinva Karnure's site:

http://blogs.msdn.com/vijaysk/archive/2008/11/25/certenroll-cx509enrollment-p-installresponse-asn1-bad-tag-value-met-0x8009310b.aspx

I hope this helps!
0
 

Author Comment

by:xzay1967
ID: 24339925
I did that but I still get the not trusted certificate error from an external web browser. I went ahead and generated a new request to the provider (Netsol).
0
 
LVL 1

Assisted Solution

by:yourbts
yourbts earned 300 total points
ID: 24340005
I tried to offer you a quick fix with the above link.

Your method should work as well, as it's what Verisign recommends (and should work with other providers as well):

https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=S:SO8467&actp=search&searchid=1219125132143
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 100 total points
ID: 24340088
Check Certificates MMC and see if the cert is in there somewhere, if it is then click-drag to the Personal store if it is not there already.  If not showing up, then install the certificate here to the Personal store and do above.

Double click the cert to view its properties - on the default tab look near the bottom to see if it has a little key icon and message saying you have the private key - if you do then you should be ok otherwise reissue the cert (vendor should do for free within first 2-4 weeks normally).  Assuming that you do not have the private key associated, you can do the following to try to recover it.

Details tab - find the thumbprint field or the serial number field and copy that (need to ctl+c since r-click doesn't work here).

Open up a command box and run this:
certutil -repairstore my "paste thumbprint here"

Go back to IIS and try installing the cert file now.
0
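The check-and-repair steps from the answer above, scripted as an added PowerShell example (not part of the original thread or written by any poster). `Get-ServerCertStatus` and `remote.example.com` are hypothetical names; it assumes PowerShell 2.0 or later, an elevated prompt, and that the certificate sits in the Local Computer Personal store.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Get-ServerCertStatus and 'remote.example.com' are hypothetical names.
function Get-ServerCertStatus {
    param(
        [string]$SubjectMatch,   # text to look for in the certificate subject
        [switch]$Repair          # also run certutil -repairstore when the key is missing
    )

    # Local Computer > Personal > Certificates, the store discussed in the thread
    $certs = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$SubjectMatch*" })
    if ($certs.Count -eq 0) {
        Write-Warning "No certificate matching '$SubjectMatch' in LocalMachine\My"
        return
    }

    foreach ($cert in $certs) {
        # Build the chain without revocation checks; a PartialChain status means
        # an issuer (intermediate or root) certificate could not be found.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)
        $status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        if ($Repair -and -not $cert.HasPrivateKey) {
            # Same step as in the answer: re-link the certificate to its private key
            certutil -repairstore my $cert.Thumbprint | Out-Null
            $cert = Get-Item ("Cert:\LocalMachine\My\" + $cert.Thumbprint)
        }

        # HasPrivateKey = False after a repair means the key is not on this
        # machine and the certificate has to be reissued against a new CSR.
        $cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
            @{ Name = 'ChainBuilds'; Expression = { $chainOk } },
            @{ Name = 'ChainStatus'; Expression = { $status } }
    }
}

Get-ServerCertStatus -SubjectMatch 'remote.example.com' | Format-List
```

Add `-Repair` to the call to run the `certutil -repairstore` step for any matching certificate that reports no private key.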
 

Author Comment

by:xzay1967
ID: 24340290
When I open MMC, the current user option is not there, only local computer. The certificates are in the personal>certificates folder under local computer. In the screenshot, the circled cert is the one I want to use. I used the certutil and did the repairstore option, and it ran successfully, then I went back to IIS, to try and do a complete request task, and got the same error again. I ignored the bad tag error, and went back to IIS> bindings, and added HTTPS to the bindings, that worked fine. I think this issue occurred due to two reasons:
1. Netsol certs have a crt extension, and SBS 2008 looks for .cer
2. I used the SBS console manager to add the trusted certificate instead of using IIS initially. Am I wrong in my deduction?
cert.jpg
0
 
LVL 5

Assisted Solution

by:DTAHARLEV
DTAHARLEV earned 100 total points
ID: 24342272
Are all the names spelled exactly the same? (friendly name etc.)
0
 

Author Comment

by:xzay1967
ID: 24358350
Yes, the names are spelled correctly. I went ahead and had the certificate revalidated, and it was re-issued to me. Basically I went ahead and did a new CSR from the server. What is the best way to apply the new certificate? When certificates come from Netsol, they send a zip file that consists of some different types of certificates (see screenshot). I know SBS 2008 is different than traditional server OS. When certs are added using the add a trusted certificate wizard (SBS management console), what exactly does it do? Does it apply the cert to the sites in IIS as well? How do I add all these certs to my SBS 2008 server? Thanks for all you guys' help. Also, do I need to delete or remove the other certs I got from them before applying these new ones? How do I do that?
my-certs.jpg
0
