Jasinski Technical Wiki

Navigation

Home Page
Index
All Pages

Quick Search
»
Advanced Search »

Contributor Links

Create a new Page
Administration
File Management
Login/Logout
Your Profile

Other Wiki Sections

Software

PoweredBy

Page History: Completing an SSL Certificate Request

Compare Page Revisions



« Older Revision - Back to Page History - Newer Revision »


Page Revision: Wed, Oct 07, 2015, 8:38 AM


Overview

This article documents how to complete a CSR (Certificate Signing Request) for an SSL certificate

Procedures

Completing the Request

  1. Navigate to server where CSR was generated
  2. Navigate to IIS > Server
  3. Double-click Server Certificates
  4. In the right pane, click link: "Complete Certificate Request"
  5. Specify the P7B file
  6. For the "Friendly Name" field specify the main domain name in all lower case

Resolving an ASN1 Bad Tag Error

Reference: http://blogs.msdn.com/b/webtopics/archive/2009/01/03/asn1-bad-tag-value-met-error-when-processing-a-certificate-request-in-iis-7.aspx

If during the above procedure you get the error message "There was an error while performing this action. CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267)", execute the following procedure to resolve it.

  1. Open the Certificate Console. See this article for details how.
  2. Import the certificate into the Personal Certificate Store. At this point the certificate is missing the private key.
  3. Double-click the P7B file and get the thumbprint of the certificate.
  4. Issue the following command on the server: certutil -repairstore my "thumbprint"
  5. When you see the response: "CertUtil: -repairstore command completed successfully" you should have a private key associated. NOTE: You may have to refresh the Microsoft Management Console window to see the private key on the certificate.
  6. The certificate should now be available for bindings within IIS

Binding Multiple Websites to a SAN Certificate

Reference: https://www.sslshopper.com/article-ssl-host-headers-in-iis-7.html

  1. Bind the SSL certificate to the site for the main domain
  2. In a Command Window, navigate to C:\Windows\System32\Inetsrv\ and issue the following command for each Subject Alternative Name on the certificate, where IISSiteName is the name of the site as listed in the IIS Console, and hostHeaderValue is the domain name to bind to.

appcmd set site /site.name:"IISSiteName" /+bindings.[protocol='https',bindingInformation='*:443:hostHeaderValue']

ScrewTurn Wiki version 3.0.1.400. Some of the icons created by FamFamFam. Except where noted, all contents Copyright © 1999-2024, Patrick Jasinski.