ASN1 bad tag value met. 0x8009310b (IIS7)

Published by

Posted on October 04, 2010

Error encountered when trying to complete a SSL certificate within iis 7

CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b

Theory: We believe this error occurs when Windows forget where the CSR key was placed.

repairing a damaged certificate.

You will need to first open the Certificate snap-in following the instructions outlines here

You will need to open the snap-in for the local computer and user.

Repair option 1.

Open up DOS prompt (cmd.exe)

Type: certutil -repairstore my “THUMBPRINT/SERIALNUMBER”

(Follow the instructions here on how to obtain the serial number)

Go back into the IIS Manager and re-edit the bindings for this site. (Where you can select the certificate.

Note: Sometimes, you will get an error, so just ignore the error and try again. When trying again, the certificate may already be selected and nothing else needs to be done.

Option #2: Restore Certificate to the Local Computer Store

Open the Certificate Snap-In from within the MMC (Microsoft Management Console)
Start -> Run -> Type “mmc” -> File -> Add/Remove Snap-in -> Add -> Certificates

Add Current User account.
My User Account -> Finish.

Add Local Computer account.
Computer account -> Local Computer -> Finish.

Close Add Standalone Snap-in.

Click Ok.

Drag the certificate that will not install, out of the Other People store and drop it under the Local Computer -> Personal -> Certificates.

Do not close out of the MMC at this time.

Open up a command prompt.
Start -> Run -> Type cmd.

Type: certutil -repairstore my “THUMBPRINT_OF_CERTIFICATE”. (with quotes)

You should now have the private key back on the certificate so now open up IIS and assign it to your website.

**This article is currently being modified *** to be completed on 10/8/10

Short version:**
1. click run and enter inetmgr
2. click the server name in the IIS Manager, Double-click on Server Certificates.
3. Under actions on the left click on import
4. locate your pfx file and import the cert to the server.
5. bind the new ssl cert to the virtual host