Ошибки при попытке установки сертификата с помощью диспетчера IIS 7.0
В этой статье помогают устранить проблему, из-за которой при попытке установки сертификата может быть брошена непредвиденное время запуска с помощью Microsoft IIS (IIS) 7.0 Manager
Оригинальная версия продукта: Windows Сервер 2008 Пакет обновления 2, службы IIS 7.0
Исходный номер КБ: 959216
Симптомы
При попытке установки сертификата из файла с помощью PKCS#7 диспетчера IIS 7.0 вы можете получить одно из следующих сообщений об ошибке:
Сообщение об ошибке 1
Не удается найти запрос сертификата, связанный с этим файлом сертификата. Запрос сертификата должен быть выполнен на компьютере, на котором он был создан.
Сообщение об ошибке 2
При выполнении этой операции произошла ошибка
Подробности: CertEnroll::CX509Enrollment::p_InstallResponse: asN1 bad tag value met.
0x8009310b (ASN:276)
Сертификат установлен правильно, несмотря на сообщение об ошибке.
Причина
Эта проблема возникает из-за того, что диспетчер IIS выполняет операцию по просмотру, чтобы найти удобное имя сертификата во время установки. Однако код, который выполняет эту операцию, пропускает этот конкретный случай, и он не знает, как получить удобное имя сертификата в PKCS#7 файле. Поэтому операция lookup сбой, и вы получите сообщение об ошибке.
Решение
Чтобы устранить эту проблему, добавьте в сертификат удобное имя. Выполните следующие действия для решения этой проблемы:
Дополнительная информация
Эта проблема планируется устранить в Windows Server 2008 Пакет обновления 3.
I wrote a function to create a mime message and encrypt the content with users public cert that’s stored in the cert store while the private keys are stored on my smart card. My function simply saves the pkcs7mime content to a file. I have another test function, which simply reads the file and tries to decrypt the content. However, when I try to decrypt, I get the error: ASN1 bad tag value met.
My encryption function code:
Here is my decrypt function:
Edit: I tried isolating the issue by using the following code:
So the problem seems to start as early as the WriteTo() function.
Update #2: Ok, so I did a toString on both the p7m and the new_p7m object. Apparently, the content is different.
To, somehow the actual content is changing. very strange.
1 Answer 1
I’m betting that your code to save the content to disk is writing a corrupt file:
The problem with the above code is that GetBuffer() returns more bytes than are actually used by the memory stream in most cases. The above logic will also save the content in base64 which is probably not what you want. The following code snippet will decode the base64 content into the smime.p7m file:
Then, to reconstruct the MIME part back for decrypting, do this:
The problem you were facing is that the content was base64 encoded before and it should not have been.
Of course, unless there’s really a need to save just the raw content and then re-construct the application/pkcs7-mime part the hard way, why not just save the entire MIME part like this?
And then re-load it like this:
Then you don’t have to worry about getting things wrong.
Asn1 bad tag value met что это
This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.
Asked by:
Question
Hi, i receive this error when i try to decode encrypted data. I use EnvelopedCms class, the method Decode raise the exception. I can’t find more info about this.
System.Secutiry.Cryptography.CryptographicException: ASN1 bad tag value met.
The Stack trace show me that EnvelopedCms.OpenToDecode method is reached.
I appreciate any help.
All replies
To troubleshoot this issue, we really need the source code to reproduce the problem, so that we can investigate the issue in house. It is not necessary that you send out the complete source of your project. We just need a simplest sample to reproduce the problem. You can remove any confidential information or business logic from it.
Hi, tks for your reply.
I have a test page that i use to paste encrypted data. The other side, other company, send me encrypted info trought email to test purpose. I get encrypted data, copy and paste into the DecryptText TextBox. I send encrypted data to my Encryptor class. The Encryptor class have a Decrypt method that i copy below.
protected void DecryptNow(object sender, EventArgs e) <
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] encriptText = encoding.GetBytes(DecryptText.Text);
byte[] decryptedText = Encryptor.Decrypt(encriptText);
DecryptedText.Text = encoding.GetString(decryptedText);
///
/// Decrypt message specified into the data params
///
///
/// Decrypted message
public static byte[] Decrypt(byte[] data) <
// create EnvelopedCms
EnvelopedCms encryptedMessage = new EnvelopedCms();
// Deserialice PKCS# 7
encryptedMessage.Decode(data);
// decrypt data
encryptedMessage.Decrypt();
// return plain text
return encryptedMessage.ContentInfo.Content;
>
I appreciate any help
So far as I know, you have to check the “ DecryptText.Text”, not random text can be decrypted. This should be by design.
I decrypt a text that is send me by other process. The other process encrypt the data. The data that i use is encrypted.
I got into the same error when I remove signature using my RemoveSignature method. I copy the method here:
public static byte [] RemoveSignature(byte [] data)<
SignedCms signedMessage = new SignedCms();
I really appreciate any help.
I got into the same problem using the content of a document signed with a third party plug-in. If i sign with SignedCms it’s all right. I guess it can be a compatibility problem between CMS and PKCS#7 encoding as documented in http://www.ietf.org/rfc/rfc3852.txt. I’ve not found a solution yet.
I have exactly the same problem Did you could find the solution?
Has anybody been able to find a resolution here. I am using SignedCms.Decode method on the following data and I get the exact same problem.
Note: This data is a chain of certificates. I can open it Explorer fine.
——BEGIN PKCS #7 SIGNED DATA——
MIIG1wYJKoZIhvcNAQcCoIIGyDCCBsQCAQExADALBgkqhkiG9w0BBwGgggasMIID
fTCCAuagAwIBAgIQM/bzB5+tBYdQytfmiJgEEzANBgkqhkiG9w0BAQUFADCBzjEL
MAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJQ2Fw
ZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhhd3Rl
IFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNlcnZl
ckB0aGF3dGUuY29tMB4XDTA4MTExMTIyNDYxM1oXDTA5MTExMTIyNDYxM1owgYEx
CzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBxMH
UmFsZWlnaDEgMB4GA1UEChMXQUNNRSBJbnRlcm5hdGlvbmFsIEluYy4xDTALBgNV
BAsTBFRlc3QxFjAUBgNVBAMTDTEyNDguYWNtZS5jb20wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBAM4iIeAvl0Na0CuLq8bAipbL2pP1uNwDxuOVaKUuG+bcVrmk
o2AhqddPP5KAIZl9ctUZDI9Zxs4TVt3GYl2nojiy7pYLyiGtclG7MWPm1iASJhsM
rSMZi1sThpZTd2rSQoRx5oBJsZ779yHkcn9wngnO82b3uc0zn8YxRQPKv+nzAgMB
AAGjgaYwgaMwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEAGA1UdHwQ5
MDcwNaAzoDGGL2h0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQcmVtaXVtU2Vy
dmVyQ0EuY3JsMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29j
c3AudGhhd3RlLmNvbTAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBQUAA4GBALEh
ZEPvryBgrNKhD2nug/iOQU6O5jD94O2gQcKgsdARtfoOBOQGI7ZuXkSNNZkmO8c1
6wbgWxwRyrZntCGb3wz4nqB5rRsq29lHEuxeAJ8c/tL2J3ac73BwBEGmlj/L/A8E
MlVhLIExwq5WOqxT7i9b9nQsvw7cAiIjJy9iy3IMMIIDJzCCApCgAwIBAgIBATAN
BgkqhkiG9w0BAQQFADCBzjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4g
Q2FwZTESMBAGA1UEBxMJQ2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3Vs
dGluZyBjYzEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lv
bjEhMB8GA1UEAxMYVGhhd3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcN
AQkBFhlwcmVtaXVtLXNlcnZlckB0aGF3dGUuY29tMB4XDTk2MDgwMTAwMDAwMFoX
DTIwMTIzMTIzNTk1OVowgc4xCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJu
IENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENvbnN1
bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNp
b24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBDQTEoMCYGCSqGSIb3
DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTCBnzANBgkqhkiG9w0BAQEF
AAOBjQAwgYkCgYEA0jY2aovXwlue2oFBYo847kkEVdbQ7xwblRZH7xhINTpS9Ctq
Bo87L+pW46+GjZ4X9560ZXUCTe/LCaIhUdib0GfQug2SBhRz1JPLlyoAnFxODLz6
FVL88kRu2hFKbgifLy3j+ao6hnO2RlNYyIkFvYMRuHM/qgeN9EJN50CdHDcCAwEA
AaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQAmSCwWwlj6
6BZ0DKqqX1Q/8tfJeGBeXm43YyJ3Nn6yF8Q0ufUIhfzJATj/Tb7yFkJD57taRvvB
xhEf8UqwKEbJw8RCfbz6q1lu1bdRiBHjpIUZa4JMpAwSremkrj/xw0llmozFyD4l
t5SZu5IycQfwhl7tUCemDaYj+bvLpgcUQjEA
——END PKCS #7 SIGNED DATA——
Asn1 bad tag value met что это
I have a problem with unblocking user smartcards. All is well up to the point where the user executes the unblock of his smartcard. Then the clm website turns up an error
ASN1 bad tag value met.
I have checked the eventlogs on the CLM server and here is wath they turned out!
Certificate Lifecycle manager Log
Event Type: Error
Event Source: System.Web
Event Category: None
Event ID: 0
Date: 2009-04-01
Time: 14:44:43
User: N/A
Computer: JUPITER
Description:
Message:Exception of type ‘System.Web.HttpUnhandledException’ was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace: at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.content_sm_requests_myrequests_aspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\clm\446be480\7055ce71\App_Web_j6dw42df.3.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception:Message:ASN1 bad tag value met.
Type:System.Runtime.InteropServices.COMException
Source:
Stack Trace: at Microsoft.Clm.Interop.capicom.EnvelopedDataClass.Decrypt(String EnvelopedMessage)
at Microsoft.Clm.BusinessLayer.DataEncryption.Decrypt(String encrypted)
at Microsoft.Clm.BusinessLayer.DefaultSecretProvider.ReadXml(String xml)
at Microsoft.Clm.BusinessLayer.DefaultSecretProvider.GetSecrets(Request request)
at Microsoft.Clm.BusinessLayer.SecretsUtility.GetNumberOfSecrets(UserProfile profileTemplate, Request clmRequest)
at Microsoft.Clm.Web.MyRequests.NeedAuthorizationOnRequest(Request clmRequest)
at Microsoft.Clm.Web.MyRequests.GetContinueUrl(Request clmRequest)
at Microsoft.Clm.Web.MyRequests.GetExecuteLinkCell(Request clmRequest, String className)
at Microsoft.Clm.Web.MyRequests.requestsGrid_InitializeRow(Object sender, RowEventArgs e)
at Infragistics.WebUI.UltraWebGrid.UltraWebGrid.OnInitializeRow(UltraGridRow row, Object data)
at Infragistics.WebUI.UltraWebGrid.DBBinding.FillRows(UltraWebGrid grid, RowsCollection rows, IEnumerable datasource)
at Infragistics.WebUI.UltraWebGrid.DBBinding.BindList(IEnumerable datasource)
at Infragistics.WebUI.UltraWebGrid.DBBinding.DataBind(Object dataSource, String dataMember)
at Infragistics.WebUI.UltraWebGrid.UltraWebGrid.DataBind()
at Microsoft.Clm.Web.MyRequests.LoadRequests()
at Microsoft.Clm.Web.MyRequests.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1309
Date: 2009-04-01
Time: 14:44:43
User: N/A
Computer: JUPITER
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 2009-04-01 14:44:43
Event time (UTC): 2009-04-01 12:44:43
Event ID: c12334475e0c4569adcce85a32361e05
Event sequence: 244
Event occurrence: 3
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/Root/Clm-1-128830615937963451
Trust level: Full
Application Virtual Path: /Clm
Application Path: C:\Program Files\Microsoft Certificate Lifecycle Manager\web\
Machine name: JUPITER
Process information:
Process ID: 4872
Process name: w3wp.exe
Account name: RIKSBANK\clmWebPool
Exception information:
Exception type: COMException
Exception message: ASN1 bad tag value met.
Asn1 bad tag value met что это
I have a problem with unblocking user smartcards. All is well up to the point where the user executes the unblock of his smartcard. Then the clm website turns up an error
ASN1 bad tag value met.
I have checked the eventlogs on the CLM server and here is wath they turned out!
Certificate Lifecycle manager Log
Event Type: Error
Event Source: System.Web
Event Category: None
Event ID: 0
Date: 2009-04-01
Time: 14:44:43
User: N/A
Computer: JUPITER
Description:
Message:Exception of type ‘System.Web.HttpUnhandledException’ was thrown.
Type:System.Web.HttpUnhandledException
Source:System.Web
Stack Trace: at System.Web.UI.Page.HandleError(Exception e)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
at System.Web.UI.Page.ProcessRequest()
at System.Web.UI.Page.ProcessRequestWithNoAssert(HttpContext context)
at System.Web.UI.Page.ProcessRequest(HttpContext context)
at ASP.content_sm_requests_myrequests_aspx.ProcessRequest(HttpContext context) in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\clm\446be480\7055ce71\App_Web_j6dw42df.3.cs:line 0
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception:Message:ASN1 bad tag value met.
Type:System.Runtime.InteropServices.COMException
Source:
Stack Trace: at Microsoft.Clm.Interop.capicom.EnvelopedDataClass.Decrypt(String EnvelopedMessage)
at Microsoft.Clm.BusinessLayer.DataEncryption.Decrypt(String encrypted)
at Microsoft.Clm.BusinessLayer.DefaultSecretProvider.ReadXml(String xml)
at Microsoft.Clm.BusinessLayer.DefaultSecretProvider.GetSecrets(Request request)
at Microsoft.Clm.BusinessLayer.SecretsUtility.GetNumberOfSecrets(UserProfile profileTemplate, Request clmRequest)
at Microsoft.Clm.Web.MyRequests.NeedAuthorizationOnRequest(Request clmRequest)
at Microsoft.Clm.Web.MyRequests.GetContinueUrl(Request clmRequest)
at Microsoft.Clm.Web.MyRequests.GetExecuteLinkCell(Request clmRequest, String className)
at Microsoft.Clm.Web.MyRequests.requestsGrid_InitializeRow(Object sender, RowEventArgs e)
at Infragistics.WebUI.UltraWebGrid.UltraWebGrid.OnInitializeRow(UltraGridRow row, Object data)
at Infragistics.WebUI.UltraWebGrid.DBBinding.FillRows(UltraWebGrid grid, RowsCollection rows, IEnumerable datasource)
at Infragistics.WebUI.UltraWebGrid.DBBinding.BindList(IEnumerable datasource)
at Infragistics.WebUI.UltraWebGrid.DBBinding.DataBind(Object dataSource, String dataMember)
at Infragistics.WebUI.UltraWebGrid.UltraWebGrid.DataBind()
at Microsoft.Clm.Web.MyRequests.LoadRequests()
at Microsoft.Clm.Web.MyRequests.Page_Load(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: ASP.NET 2.0.50727.0
Event Category: Web Event
Event ID: 1309
Date: 2009-04-01
Time: 14:44:43
User: N/A
Computer: JUPITER
Description:
Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 2009-04-01 14:44:43
Event time (UTC): 2009-04-01 12:44:43
Event ID: c12334475e0c4569adcce85a32361e05
Event sequence: 244
Event occurrence: 3
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/Root/Clm-1-128830615937963451
Trust level: Full
Application Virtual Path: /Clm
Application Path: C:\Program Files\Microsoft Certificate Lifecycle Manager\web\
Machine name: JUPITER
Process information:
Process ID: 4872
Process name: w3wp.exe
Account name: RIKSBANK\clmWebPool
Exception information:
Exception type: COMException
Exception message: ASN1 bad tag value met.
