How to Fix a “CertEnroll” Certificate Private Key Error in OCS 2007 R2 and SharePoint
Microsoft Office Communications Server 2007 R2 servers require certificates for several authentications between servers. SharePoint servers do too. These certificates require keys in order to maintain their security.
Today's post will give a solution for a cert error that pops up occasionally: when OCS or SharePoint fails to detect your cert's private key.
- When setting up a new certificate for Office Communications Server 2007 R2 or SharePoint, you may receive this error.
“CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267)”

This error is most likely caused by a missing Private Key on the certificate you're attempting to install.
- In order to resolve this issue, access the MMC for certificates.

Select the certificate you are trying to install and view its Properties. Select the Details view and copy the Serial Number you find there to Notepad.
- Once you have it in Notepad, remove the blanks between the numbers. So it looks like this:
- Once that's done, run certutil with the cleaned-up serial number to re-associate the Private Key with the certificate. Enter the command as follows:
“certutil -repairstore my (insert serial number)”
An example screenshot is below.

- Once this repair finishes running, the certificate will be ready to use in your installation.
Save this private key, along with its relevant cert name, in another location, just in case OCS or SharePoint prompts you for it again.
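
The steps above as one script, with a check of the key association before and after the repair. This is an added example, not part of the original post; the default serial number is a constructed placeholder, the function names are hypothetical, and it assumes the certificate sits in the local machine's Personal ("my") store and that the script runs from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
param(
    # Serial number exactly as copied from the certificate's Details tab.
    # The default is a constructed placeholder, not a real certificate.
    [string]$RawSerial = '00 11 22 33 44 55 66 77 88 99'
)

function ConvertTo-CleanSerial([string]$Raw) {
    # Remove the blanks, plus any other non-hex characters picked up
    # when copying from the dialog.
    ($Raw -replace '[^0-9A-Fa-f]', '').ToUpper()
}

function Get-MachineCert([string]$Serial) {
    # certutil's "my" store without -user is the local machine Personal store.
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.SerialNumber -eq $Serial } |
        Select-Object -First 1
}

$serial = ConvertTo-CleanSerial $RawSerial
$cert   = Get-MachineCert $serial
if (-not $cert) {
    throw "No certificate with serial $serial in LocalMachine\My"
}

"Before: Subject=$($cert.Subject) HasPrivateKey=$($cert.HasPrivateKey)"

if ($cert.HasPrivateKey) {
    'Private key is already associated; no repair needed.'
} else {
    # The repair can only re-link a key that already exists on this machine.
    certutil -repairstore my $serial
    if ($LASTEXITCODE -ne 0) {
        throw "certutil -repairstore failed with exit code $LASTEXITCODE"
    }
    # Re-read the store so the new key association is visible.
    $cert = Get-MachineCert $serial
    "After:  HasPrivateKey=$($cert.HasPrivateKey)"
}
```

If HasPrivateKey is still False after the repair, the key pair is not on this server, and the certificate needs to be installed on the machine that generated the request.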
Did you encounter this error? Under what circumstances? Tell us in the comments if this solution worked for you.

