ASN1 bad tag value met. 0x8009310b (IIS7)
Published by exdone
Posted on October 04, 2010
Error encountered when trying to complete a SSL certificate within iis 7
CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b
Theory: We believe this error occurs when Windows forget where the CSR key was placed.
repairing a damaged certificate.
You will need to first open the Certificate snap-in following the instructions outlines here
You will need to open the snap-in for the local computer and user.
Repair option 1.
Open up DOS prompt (cmd.exe)
Type: certutil -repairstore my “THUMBPRINT/SERIALNUMBER”
(Follow the instructions here on how to obtain the serial number)
Go back into the IIS Manager and re-edit the bindings for this site. (Where you can select the certificate.
Note: Sometimes, you will get an error, so just ignore the error and try again. When trying again, the certificate may already be selected and nothing else needs to be done.
Option #2: Restore Certificate to the Local Computer Store
Open the Certificate Snap-In from within the MMC (Microsoft Management Console)
Start -> Run -> Type “mmc” -> File -> Add/Remove Snap-in -> Add -> Certificates
Add Current User account.
My User Account -> Finish.
Add Local Computer account.
Computer account -> Local Computer -> Finish.
Close Add Standalone Snap-in.
Click Ok.
Drag the certificate that will not install, out of the Other People store and drop it under the Local Computer -> Personal -> Certificates.
Do not close out of the MMC at this time.
Open up a command prompt.
Start -> Run -> Type cmd.
Type: certutil -repairstore my “THUMBPRINT_OF_CERTIFICATE”. (with quotes)
You should now have the private key back on the certificate so now open up IIS and assign it to your website.
**This article is currently being modified *** to be completed on 10/8/10
Short version:**
1. click run and enter inetmgr
2. click the server name in the IIS Manager, Double-click on Server Certificates.
3. Under actions on the left click on import
4. locate your pfx file and import the cert to the server.
5. bind the new ssl cert to the virtual host
- An error has occurred, which probably means the feed is down. Try again later.