25 November 2008

CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b

Recently while installing a SSL certificate on IIS 7.0 I got this error message

CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b

I could not complete the certificate request via IIS manager.

But strangely after this error the certificate was placed in the Other People certificate store.

Only certificates that are stored in the Local Computer store can be used in IIS.

SSL

 

To restore the certificate to the Local Computer store you can load the two Certificates MMC (Local Computer & Local User). Drag it out of the Other People store and drop it under the Local Computer > Personal > Certificates.

But if you double click the certificate you will see that the private key is missing. Without a private key the certificate is worthless as even if you configure it on your website in IIS you will end up getting Page Cannot Be Displayed.

Now if the request for the certificate was issued from the same machine you can use the command below to restore the private key for your certificate.

certutil –repairstore my “00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f”

The sequence in the quotes is the thumbprint of the SSL certificate.

thumbprint

This should restore the private key for that certificate. You should see a “You have a private key that corresponds to this certificate” message when you open it .

Now the certificate is installed in your Local Computer certificate store so you go into your website properties and assign the certificate by changing the bindings settings.


Bookmark and Share

Filed under:
 

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# infoblog » CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0×8009310b said:

PingBack from http://blog.a-foton.ru/index.php/2008/11/25/certenrollcx509enrollmentp_installresponse-asn1-bad-tag-value-met-0x8009310b/

25 November 08 at 10:38 AM
# Joseph King said:

This was amazingly helpful. I had this exact issue, and nowhere was there help to be found - not Verisign, not Microsoft.

This post had me up and running in about 30 seconds.

29 November 08 at 10:06 PM
# Sean Smith said:

Man, you totally saved my bacon. I was going back and forth with the hosting company, the cert issuer, web searches. All bore no fruit, until I found this post. Very very well done sir!

04 December 08 at 5:34 PM
# DarK said:

WOW!  Great article.  Like the other posters I had the SSL problem and was up and running following this exactly.  Thanks A LOT man!! =]

06 December 08 at 10:53 AM
# Kulbinder said:

Following your post fixed the problem in 2 minutes after I wasted 2 hours with certificate and the issuer.

Thank You, Thank You, Thank You!!!

09 December 08 at 9:55 PM
# Eric E said:

I hope I can repay the favor some day, because you just saved my butt!  Seriously, I've been at this for two days and couldn't find anything out there to help me.  You're awesome!  THANK YOU!!!

30 December 08 at 10:58 AM
# Useful IIS/ASP.NET Information provided by Microsoft Support Teams said:

We’ve seen a few instances of the following error message on 64 bit servers when IIS 7.0 is attempting

03 January 09 at 6:06 PM
# Christiaan Westerbeek said:

Also with me this helped. If you have the same error? Try this solution out.

07 January 09 at 4:53 AM
# Scott said:

I have no "other people" folder.  Suggestions?

11 February 09 at 11:35 AM
# Volker Dose said:

Great! I was nearly desperate, because I had never had problems with ssl-certificates on different Linux- and IIS6-Webservers.

Thank you very much for this article!

Kind regards,

Volker

10 March 09 at 8:53 AM
# Dave said:

This is a very odd error you discovered. Your work-around likely saved me hours. There is a special place in the after-life for people like you.

07 April 09 at 4:58 PM
# Pablo Gonzalez said:

I have no "other people" folder. What do I do?

Regards

Pablo.

pgonzalez@fsnsolutions.com.au

19 May 09 at 7:22 PM
# vijaysk said:

Pablo

Check this http://support.microsoft.com/kb/959216

21 May 09 at 8:09 PM

Leave a Comment

Comment Policy: No HTML allowed. URIs and line breaks are converted automatically. Your e–mail address will not show up on any public page.

(required) 
(optional)
(required) 

  
Enter Code Here: Required
Page view tracker