SSL Installation issue on Windows 2012: How to Fix a “CertEnroll::CX509Enrollment::p_InstallResponse: ASN1” Certificate Private Key Error

This error means that the private key does not match the public key (the .crt file).  The keypair is not successfully joined into a working SSL certificate

Here solution to resolve this error

1. (Start button -> RUN -> Type : MMC)

2. Choose Tab “File”

3. Add/Remove Snap-ins -> certificates and click “Add >”.

4. Select “Computer account” and Finish. OK

5. Personal > Certificates >  right-click and select All Tasks > select Import > guide to the .crt file.)

6. Double-click the crt certificate file you just imported -> select the Details tab, scroll all the way down to Thumbprint and highlight Thumbprint.

7. In the lower pane, block and copy all the letters of the thumbprint.  Paste the thumbprint characters into notepad.  Open the command prompt and run this command: Certutil /?

8. The command you’ll want to run is:

certutil -repairstore my “{PASTE THE CODE }”

9. When you see “CertUtil: -repairstore command completed successfully” the private key will be associated with the .CRT file in                the personal store. The certificate should show up in IIS 8 under Server Certificates.

10. Now you should be able to assign the SSL certificate to the appropriate website(s).

Leave a Reply

Your email address will not be published.