ASN1 Bad Tag Error Installing an SSL Certificate in IIS 7

You've installed SSL certificates on previous versions of IIS more times than you care to remember. It's no rocket science - you create a certificate request, request the certificate from a Certification Authority, get the certificate and complete your certificate request.

Then there's IIS 7. Modularized. Optimized. Secure. You follow the same procedure as you did with previous versions of IIS. Create a certificate request, check. Get the certificate from a CA, check. Install the certificate, and that's where the familiarity ends. Instead of installing the certificate, IIS 7 throws up a cryptic error: There was an error while performing this operation. Details: CertEnroll::CX509Encrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267).


Figure 1: IIS 7's cryptic error when trying to install an SSL certificate

If you fire up the Certificates console (start a new MMC console | add Certificates snap-in | select the computer account), you'll see the certificate is indeed installed.

By default, IIS does not create a binding for HTTPS.


Figure 2: IIS 7's default site bindings

Add a binding for HTTPS

1. In the Site Bindings window, click Add
   
2. In the Add Site Binding window, select https from the Type: drop-down.
   
3. Select an IP address (or optionally, leave All Unassigned selected if you want the site to bind to the specified SSL port on all IP addresses
   
4. From the SSL certificate: drop-down, select the certificate you want to use for the binding/web site.
   
   [Optional] You can click the View button to view the certificate and ensure you're selecting the right one.
   
   Figure 3: Creating a binding for https in IIS 7
   
5. Click OK to close the Add Site Binding window.

Close the Site Bindings, start a browser, and test the web site using https.

Pretty Permalinks in WordPress: Rewriting URLs on IIS 7

I've been quite impressed with IIS 7 and the IIS blog in the past, and these guys continue to impress.

If you've noticed some changes on Exchangepedia recently - yes, the design tweaks are ongoing, and no - I've not completed the move to WordPress yet. Although I'm looking at other alternatives — including some based on .Net, it's hard not to like WordPress 2.7!

But I digress. Back to IIS 7 and WordPress. As part of moving Exchangepedia to WordPress, I've been playing with address rewriting. Hopefully I'll be able to retain the same permalink URLs generated by Blogger, or at least move away from the default WordPress URLs which look like: http://exchangepedia.com/blog/?p=417. WordPress itself calls them ugly URLs.

Although primarily targeted at open source components (the LAMP platform - Linux OS, Apache web server, MySQL database, and PHP), Wordpress works just as well on Windows, IIS, MySQL, and PHP platform (aka "Let's-just-say-the-acronym's-nowhere-as-"pretty"-platform" :).

IIS 7 provides you the best of both worlds - the file-based configurations similar to Apache (using web.config files), and the GUI admin tools that most of us Windows folks are used to. (As a sidenote, IIS 7 also has a Powershell provider, bringing to it the same powerful, object-oriented shell interface you're used to managing Exchange with. Download CTP2 of the PS provider for IIS 7 x86 | x64). Above all, IIS plays well with other, non-Microsoft parts of the stack, and the team doesn't seem to want to hide that. In fact, most of my searches have led me to the IIS team blog, which has provided some great documentation, blog posts, and downloads.

Wordpress.org does a great job of documenting things for its LAMP target audience - you can use Apache's mod_rewrite module to rewrite URLs. See 'Using Permalinks' in WordPress documentation for more information on how to do this.

On Windows and IIS 7, you can use the Microsoft URL Rewrite module for IIS 7 (Download x86 | x64 | Documentation). A simple edit to the web.config file in your Wordpress directory, and pretty permalinks are live!

Read Ruslan Yakushev's post on the IIS blog for more info: Enabling Pretty Permalinks in Wordpress.