I was recently working on implementing a renewed SSL certificate for a client. I created the renewal certificate request and sent the corresponding file to the client. I received the response back from the Certificate Authority as a Certificate File with the extension .crt. Now it was time to complete the certificate request and get the website back in action. I logged onto my Windows 2008 R2 server and opened IIS Manager. I then accessed the Server Certificates module to complete my request. I clicked Complete Certificate Request in the Actions pane and selected the appropriate response file.

Specify Certificate Authority Response - IIS Manager

Upon clicking OK, I received an error ASN1 bad tag value met. I have seen this error before and the certificate actually installed. Well, not this time. At this point, the pending CSR had been deleted. With IIS7 and above, you cannot see the pending certificate requests as you could in IIS6, so I will show you a trick to see where they are stored.

Step 1.
Click Start –> Run –> type mmc.exe and hit Enter to run the MMC utility.

Step 2.
Once this is open, click File –> Add/Remove Snap-in from the menu.

Step 3.
Choose Certificates from the Snap-In list and click Add.

Step 4.
Choose Computer Account and click Next –> Finish.

Step 5.
Expand the Certificates Snap-in and click on Certificate Enrollment Requests. As you can see, mine is empty.

Certificate Enrollment Requests - MMC Utility
Step 6.
There is a way to restore your request within this console in order to try to complete the SSL registration. Right click on Certificate Enrollment Requests and click Import. The request will now show up here and be ready to pair with the response from the Certificate Authority.

Certificate Authority - MMC Utility

Go back into IIS Manager, Server Certificates and complete the request with the .crt file provided by the CA. You will now see the completed certificate in your Server Certificates and will be able to bind it to your website.

IIS Manager - Server Certificates

I have started verifying certificates following install using SSL Shopper to ensure that all intermediate certificates are installed and the SSL certificate is fully functional in all browsers.

If you’ve experienced the above problem, and this post has been useful, please let me know in the comments below. You can find my other posts related to SSL here or here.

The above task is an example of the type of hands-on support we extend to SherWeb clients. If you’re interested to learn more about what that looks like for our Dedicated and Cloud Server clients, feel free to skim through our blog, or contact us directly. Give us a call at 1-855-780-0955, or email at Sales@sherweb.com.

Try Performance Cloud Servers

Written by Terri Donahue Employee @ SherWeb

Terri is a System Administrator that has been supporting IIS since version 4.0. Through the years she has had extensive hands-on experience with many web servers including Lotus Domino, Apache, and of course, IIS. She has a passion for helping people solve technology related problems. In addition, she's an active member of the Charlotte PowerShell User Group. She was originally awarded Microsoft MVP for IIS in 2013 and was recently re-awarded on July 1st, 2014.