Solution ID : SO15608

Last Modified : 05/02/2018

Error: ASN1 bad tag value met. 0x8009310b (ASN: 267) during certificate installation with Microsoft IIS 7.0

Problem

Cannot find the certificate request that is associated with this certificate file. A certificate request must be completed on the computer where the request was created.

There was an error while performing this operation

CertEnroll::CX509Enrollment::p_InstallResponse:ASN1 bad tag value met. 0x8009310b (ASN: 267)

 

Cause

Microsoft IIS 7.0 currently reports an error indicating it does not accept PKCS#7 formatted certificates. Although the ASN1 error occurs during installation, the certificate usually installs successfully.
 

This is a known Microsoft IIS 7.0 issue. See Microsoft Knowledge Base Article 959216 for details.

 

Solution

To verify the SSL certificate is successfully installed, try to bind the certificate to the web site.
 

Step 1: To bind the certificate to the appropriate web site, perform the following steps:

  1. Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  2. Browse to your Server Name > Sites > Your SSL-based site
  3. From the Actions pane, choose Bindings
  4. In the Site Bindings window, choose Add
  5. From the Add Site Bindings window, provide the binding type
  6. Select the SSL certificate that will be used for this site
    Note: If the SSL certificate is not available to bind, please see Step 2 below
  7. Click OK
  8. Test whether the site is secure by browsing to it over HTTPS
     

Step 2: Attempt to restore the Private key

  1. With the MMC console still open, select the Certificates folder inside the Personal folder in the left-hand pane.
  2. Double-click the newly imported SSL certificate in the right-hand pane, then select the Details tab.
  3. Scroll down and select the Thumbprint field, then select and copy the entire thumbprint (in the bottom box) to the clipboard.
  4. Open a command prompt, then enter the following command:
     
    certutil -repairstore my "<thumbprint>"

    Example:

    certutil -repairstore my "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f"

    If successful, the response will be "CertUtil: -repairstore command completed successfully"
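
The check behind Step 2, as an added PowerShell example (not part of the original solution): it confirms whether the imported certificate in the local machine Personal store is linked to a private key, and runs the `certutil -repairstore` command above only if it is not. The function names and the `RawThumbprint` parameter are hypothetical, and an elevated prompt is assumed.

```powershell
# Added example, not from the original article.
# RawThumbprint: the value copied from the Thumbprint field (spaces allowed).
param(
    [Parameter(Mandatory = $true)]
    [string]$RawThumbprint
)

function ConvertTo-CleanThumbprint {
    param([string]$Value)
    # Keep hex digits only. This drops the spaces and any invisible characters
    # that the certificate dialog can copy along with the thumbprint.
    return ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

function Test-CertHasPrivateKey {
    param([string]$Thumbprint)
    # Cert:\LocalMachine\My is the Personal store of the computer account,
    # the same store that "certutil -repairstore my" works on by default.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with thumbprint $Thumbprint in LocalMachine\My"
    }
    return [bool]$cert.HasPrivateKey
}

$thumb = ConvertTo-CleanThumbprint $RawThumbprint
if ($thumb.Length -ne 40) {
    # Windows displays the SHA-1 thumbprint: 20 bytes, 40 hex characters.
    throw "Expected 40 hex characters, got $($thumb.Length). Re-copy the thumbprint."
}

if (Test-CertHasPrivateKey $thumb) {
    'Private key is already associated; the certificate can be bound in IIS.'
} else {
    # Same command as Step 2 of this solution.
    certutil -repairstore my $thumb
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE"
    }
    if (Test-CertHasPrivateKey $thumb) {
        'Private key restored; continue with Step 3.'
    } else {
        'Still no private key on this server; the certificate must be replaced.'
    }
}
```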
     

Step 3: Assign SSL certificate in IIS

  1. Open the IIS Manager application.
  2. From the Connections pane on the left, expand the local server, expand the Sites folder and select the web site to be secured with SSL.
  3. From the Actions pane on the right, select the Bindings option (under Edit Site).
  4. In the Site Bindings window, select an existing https binding and click Edit. If there are no existing https bindings, click Add.
  5. Ensure the type is set to 'https', then select the new SSL certificate from the drop-down menu. Click the View button to confirm details of the certificate, if necessary. Click OK > Close.
     

If the process fails, the certificate will need to be replaced. Refer to solution SO22159.