CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b

CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b

Rate This
  • Comments 26

Recently while installing a SSL certificate on IIS 7.0 I got this error message

CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b

I could not complete the certificate request via IIS manager.

But strangely after this error the certificate was placed in the Other People certificate store.

Only certificates that are stored in the Local Computer store can be used in IIS.

SSL

 

To restore the certificate to the Local Computer store you can load the two Certificates MMC (Local Computer & Local User). Drag it out of the Other People store and drop it under the Local Computer > Personal > Certificates.

But if you double click the certificate you will see that the private key is missing. Without a private key the certificate is worthless as even if you configure it on your website in IIS you will end up getting Page Cannot Be Displayed.

Now if the request for the certificate was issued from the same machine you can use the command below to restore the private key for your certificate.

certutil –repairstore my “00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f”

The sequence in the quotes is the thumbprint of the SSL certificate.

thumbprint

This should restore the private key for that certificate. You should see a “You have a private key that corresponds to this certificate” message when you open it .

Now the certificate is installed in your Local Computer certificate store so you go into your website properties and assign the certificate by changing the bindings settings.


Bookmark and Share

Leave a Comment
  • Please add 5 and 4 and type the answer here:
  • Post
  • PingBack from http://blog.a-foton.ru/index.php/2008/11/25/certenrollcx509enrollmentp_installresponse-asn1-bad-tag-value-met-0x8009310b/

  • This was amazingly helpful. I had this exact issue, and nowhere was there help to be found - not Verisign, not Microsoft.

    This post had me up and running in about 30 seconds.

  • Man, you totally saved my bacon. I was going back and forth with the hosting company, the cert issuer, web searches. All bore no fruit, until I found this post. Very very well done sir!

  • WOW!  Great article.  Like the other posters I had the SSL problem and was up and running following this exactly.  Thanks A LOT man!! =]

  • Following your post fixed the problem in 2 minutes after I wasted 2 hours with certificate and the issuer.

    Thank You, Thank You, Thank You!!!

  • I hope I can repay the favor some day, because you just saved my butt!  Seriously, I've been at this for two days and couldn't find anything out there to help me.  You're awesome!  THANK YOU!!!

  • We’ve seen a few instances of the following error message on 64 bit servers when IIS 7.0 is attempting

  • Also with me this helped. If you have the same error? Try this solution out.

  • I have no "other people" folder.  Suggestions?

  • Great! I was nearly desperate, because I had never had problems with ssl-certificates on different Linux- and IIS6-Webservers.

    Thank you very much for this article!

    Kind regards,

    Volker

  • This is a very odd error you discovered. Your work-around likely saved me hours. There is a special place in the after-life for people like you.

  • I have no "other people" folder. What do I do?

    Regards

    Pablo.

    pgonzalez@fsnsolutions.com.au

  • Pablo

    Check this http://support.microsoft.com/kb/959216

  • how do i get to the screen shown?

  • Good job Buddy really saved my neck.

    Works like a charm !!!

    Thanks

Page 1 of 2 (26 items) 12