Error when completing SSL certificate request
I was recently working on implementing a renewed SSL certificate for a client. I created the renewal certificate request and sent the corresponding file to the client. I received the response back from the Certificate Authority as a Certificate File with the extension .crt. Now it was time to complete the certificate request and get the website back in action. I logged onto my Windows 2008 R2 server and opened IIS Manager. I then accessed the Server Certificates module to complete my request. I clicked Complete Certificate Request in the Actions pane and selected the appropriate response file.
Upon clicking OK, I received an error ASN1 bad tag value met. I have seen this error before and the certificate actually installed. Well, not this time. At this point, the pending CSR had been deleted. With IIS7 and above, you cannot see the pending certificate requests as you could in IIS6, so I will show you a trick to see where they are stored.
Click Start –> Run –> type mmc.exe and hit Enter to run the MMC utility.
Once this is open, click File –> Add/Remove Snap-in from the menu.
Choose Certificates from the Snap-In list and click Add.
Choose Computer Account and click Next –> Finish.
Expand the Certificates Snap-in and click on Certificate Enrollment Requests. As you can see, mine is empty.
There is a way to restore your request within this console in order to try to complete the SSL registration. Right click on Certificate Enrollment Requests and click Import. The request will now show up here and be ready to pair with the response from the Certificate Authority.
Go back into IIS Manager, Server Certificates and complete the request with the .crt file provided by the CA. You will now see the completed certificate in your Server Certificates and will be able to bind it to your website.
I have started verifying certificates following install using SSL Shopper to ensure that all intermediate certificates are installed and the SSL certificate is fully functional in all browsers.
The above task is an example of the type of hands-on support we extend to SherWeb clients. If you’re interested to learn more about what that looks like for our Dedicated and Cloud Server clients, feel free to skim through our blog, or contact us directly. Give us a call at 1-855-780-0955, or email at Sales@sherweb.com.