Tech Quintal

How to Fix “ASN Bad tag value met” or “Cannot find certificate request associated with this certificate file” error on the IIS7

ASN Bad tag value met or Cannot find certificate request associated with this certificate file

IIS servers are very common these days. If you ever got “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created” or “ASN1 bad tag value met” error on the IIS7 while trying to import SSL certificates, this article is for you.

As the error itself tells, the first one is happened because of trying to import a CSR you have used for the certificate activation generated on a different computer or server and the second was happened due to the mismatch between the private and public keys in CSR. If you are 100% sure that the CSR was generated on the same server, you can do this.

Simply close the window and return to the certificate list. Press F5 to refresh the list of certificates. If you see the certificate appears on the list, everything is ok, and you can continue the process. If not, most likely, you forgot to give a Friendly Name to the certificate. You could also try recreating the certificate and reissuing it. Then try again with the process.

How to Fix “ASN Bad tag value” or “Cannot find certificate request associated with this certificate file” error on the IIS7

ASN Bad tag value met

Cannot find certificate request associated with this certificate file

If this simple fix doesn’t fix the problem, it is the time to try something advanced. Have a look.

Try opening the certificate in .p7b format

You could try converting your regular certificate file to the PKCS#7 format which should be used during the installation process. The .p7b file could be downloaded directly from your certificate registrar or can use some SSL format converters like this.

Using Microsoft Management Console

Begin by importing the .crt file into the Personal certificate store for the local computer.

  1. Open Run by pressing Win+R keys together.
  2. Type MMC in the box and press enter.
  3. Confirm the action by clicking Yes.
  4. It will open the Microsoft Management Console.
  5. Go to the File Menu and click on Add/Remove Snap-in option.
  6. It will open a window. Highlight Certificates snap-in and click the ADD button.
  7. Select Computer Account radio option and then click Next and Finish.
  8. Click OK.
  9. Click on the certificates option at the left side.
  10. Navigate to Personal Certificates.
  11. Right-click on the right side and select All Tasks > Import.
  12. Browse the .crt file. Now, the certificate has imported, but it is still missing its private key.
  13. Double-click the .crt certificate file you just imported.
  14. Go to the Details tab.
  15. Scroll all the way down to Thumbprint and highlight Thumbprint.
  16. In the lower pane, block and copy all the letters of the thumbprint.
  17. Open the notepad and paste the thumbprint characters.  Open the command prompt and run the Certutil /? command. It is: 
    certutil -repairstore my “{insert the thumbprint characters here}”
  18. Now, you will get “CertUtil: -repairstore command completed successfully” response. Which means, you have a private key associated with the .crt file in the personal store.

You don’t have to run through “Complete Certificate Request…” wizard again. Check your IIS Manager’s list of server certificates, you will see it there. The certificate will also be available in the SSL Certificates drop-down list when attempting to edit the https binding for your website.

Be sure to add the “Friendly Name”

Missing the friendly name during the certificate installation on IIS could cause the “Cannot find certificate request associated with this certificate file” or “ASN Bad tag value met” error. So, restart the process and make sure that you entered a friendly name in the correct box.

Make sure that the CSR was generated on the same server

If you are not sure that the CSR was generated on the same server and any one of the above-given methods are not working for you, you could either try the process from the origin server or can regenerate a new CSR from the current server. If so, the whole certificate issuance process should be done from scratch. It is very rare to occur the issue due to the difference in servers.

Restart the whole process

If anything doesn’t help you to fix “ASN Bad tag value met” or “Cannot find certificate request associated with this certificate file error on the IIS7 you could also try restarting the whole process again. Start by generating a CSR and reissue your certificate. In most of the cases, this solves the problem.

Contact Microsoft

As a last resort, you could directly contact Microsoft and ask for a solution. There are several forums available where thousands of experts are ready to help you. Just visit their forums and explain your problem in detail. You will surely get an answer ASAP.

We hope, you got a solution to fix the “Cannot find the certificate request associated with this certificate file. A certificate request must be completed on the computer where it was created” or “ASN1 bad tag value met” error.

Next Article