Intermediate SSL certificate on IIS4

That worked great... it seems like many people are experiencing the same
problems getting SGCINST to work.

I also managed to get the certificate to work by opening Internet Options /
Content / Certificates and importing the .cer file that way. Basically the
same thing as double clicking the file.

Good website to find though it will help many!

-Kent




"Dan Boylett" <parc_erom.TakeThisOut@crossdata.co.uk> wrote in message
news:eO0ep1e1DHA.1740@TK2MSFTNGP09.phx.gbl...
 >
 > "Dan Boylett" <parc_erom.TakeThisOut@crossdata.co.uk> wrote in message
 > news:Oe7Ax3d1DHA.2160@TK2MSFTNGP12.phx.gbl...
  > > I'm trying to update my verisgn intermediary certificate for two web
  > > servers.
  > > One is on 2011, and there is fine. The other two expired at midnight
last
  > > night.
  > >
  > > When I follow Verisign's instructions I get this message from IIS4 :
  > >
  > > sgcinst: Error in parsing certificate data: 8009310b
  > >
  > > Verisign's very helpful tech desk has told me "In IIS4 we don't know how
 > to
  > > fix that"
 >
 > Found a solution... follow the instructions here :
 >
<font color=purple> > <a style='text-decoration: underline;' href="http://www.safescrypt.com/faq/faqIntermediateCAforGSID.htm</font" target="_blank">http://www.safescrypt.com/faq/faqIntermediateCAforGSID.htm</font</a>>
 >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Intermediate SSL certificate on IIS4 

Well... I thought it worked. I was able to remove the old outdated
certificate and I successfully installed the new one that expires in 2011, I
restarted IIS both from Services and from the MMC plug-in and have even
restarted the computer but it still tells me the certificate is outdated.

I have seen others still having this problem... does anybody else have any
ideas?

Thanks!
Kent



"Kent Meyer" <kent.meyer DeleteThis @srfc.com> wrote in message
news:uRF%2378t1DHA.3656@TK2MSFTNGP11.phx.gbl...
 > That worked great... it seems like many people are experiencing the same
 > problems getting SGCINST to work.
 >
 > I also managed to get the certificate to work by opening Internet Options
/
 > Content / Certificates and importing the .cer file that way. Basically the
 > same thing as double clicking the file.
 >
 > Good website to find though it will help many!
 >
 > -Kent
 >
 >
 >
 >
 > "Dan Boylett" <parc_erom DeleteThis @crossdata.co.uk> wrote in message
 > news:eO0ep1e1DHA.1740@TK2MSFTNGP09.phx.gbl...
  > >
  > > "Dan Boylett" <parc_erom DeleteThis @crossdata.co.uk> wrote in message
  > > news:Oe7Ax3d1DHA.2160@TK2MSFTNGP12.phx.gbl...
   > > > I'm trying to update my verisgn intermediary certificate for two web
   > > > servers.
   > > > One is on 2011, and there is fine. The other two expired at midnight
 > last
   > > > night.
   > > >
   > > > When I follow Verisign's instructions I get this message from IIS4 :
   > > >
   > > > sgcinst: Error in parsing certificate data: 8009310b
   > > >
   > > > Verisign's very helpful tech desk has told me "In IIS4 we don't know
how
  > > to
   > > > fix that"
  > >
  > > Found a solution... follow the instructions here :
  > >
<font color=green>  > > <a style='text-decoration: underline;' href="http://www.safescrypt.com/faq/faqIntermediateCAforGSID.htm</font" target="_blank">http://www.safescrypt.com/faq/faqIntermediateCAforGSID.htm</font</a>>
  > >
  > >
  > >
 >
 ><!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Intermediate SSL certificate on IIS4 

Try Verisign's own Knowledge Base article VS99 (repeated in full
below) and then MS KB194889.
We were having the exact same problem (and exact error code,
unhelpfully not documented by either Verisign or Microsoft) and this
solution fixed it.

<SOLUTION>
Solution ID: vs99
Solution Title: Error: "The certificate is invalid. Please
double-check that you have chosen the correct file. CAPI2 error =
80093005" during installation of a 128-bit certificate
Cause: A required Microsoft utility was not ran prior to installation
of the certificate.

Symptom: Error: "The certificate is invalid. Please double-check that
you have chosen the correct file. CAPI2 error = 80093004"
Error: CAPI2 error = 80093005
Cannot install certificate
Error occurs during installation

Resolution: VeriSign's 128-bit certificates include both the
Intermediate Certificate Authority (CA) and the actual certificate.
Microsoft IIS 3.0 and 4.0 require the installation of the Intermediate
CA and certificate separately. A Microsoft utility called SGCinst.exe
must be ran prior to installation. This utility parses the
Intermediate CA from the certificate, installs the Intermediate CA,
and creates an output file that excludes the Intermediate CA for
installation. For instructions on installing a Secure Site Pro
(Global) or Managed PKI for SSL (Premium Edition) certificate, see
solution vs1994.

This applies to: (Includes, but not limited to) Microsoft IIS 4.0
Microsoft IIS 3.0
Managed PKI for SSL (Premium Edition)
Secure Site Pro (Global) Certificate



Comments:

Thanks for using VeriSign Knowledgebase
</SOLUTION>


"Dan Boylett" <parc_erom.DeleteThis@crossdata.co.uk> wrote in message news:<Oe7Ax3d1DHA.2160.DeleteThis@TK2MSFTNGP12.phx.gbl>...
 > I'm trying to update my verisgn intermediary certificate for two web
 > servers.
 > One is on 2011, and there is fine. The other two expired at midnight last
 > night.
 >
 > When I follow Verisign's instructions I get this message from IIS4 :
 >
 > sgcinst: Error in parsing certificate data: 8009310b
 >
 > Verisign's very helpful tech desk has told me "In IIS4 we don't know how to
 > fix that"
 >
 > Anyone else got a suggestion?<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Intermediate SSL certificate on IIS4 

I have tried this approach as well... Verisign's initial message talked
about using SGCINST to install the certificate. SGCINST is how I installed
the original security certificate for our site on this server.

However, when I try to run the program now it gives me "Error in parsing
certificate date: 8009310b." I also got the same error with the 80093005
message you mentioned below. I can't get the SGCINST program to generate the
output file.

This is so frustrating... I know that IIS4 is part of the problem since it
is older but it is pretty bad that Verisign is unwilling to help with this!
I'm sure I'm not the only one feeling this way!

-Kent



"Crispin Billson" <crispin.billson RemoveThis @gissings.co.uk> wrote in message
news:78fc7204.0401130103.1c8d5866@posting.google.com...
 > Try Verisign's own Knowledge Base article VS99 (repeated in full
 > below) and then MS KB194889.
 > We were having the exact same problem (and exact error code,
 > unhelpfully not documented by either Verisign or Microsoft) and this
 > solution fixed it.
 >
 > <SOLUTION>
 > Solution ID: vs99
 > Solution Title: Error: "The certificate is invalid. Please
 > double-check that you have chosen the correct file. CAPI2 error =
 > 80093005" during installation of a 128-bit certificate
 > Cause: A required Microsoft utility was not ran prior to installation
 > of the certificate.
 >
 > Symptom: Error: "The certificate is invalid. Please double-check that
 > you have chosen the correct file. CAPI2 error = 80093004"
 > Error: CAPI2 error = 80093005
 > Cannot install certificate
 > Error occurs during installation
 >
 > Resolution: VeriSign's 128-bit certificates include both the
 > Intermediate Certificate Authority (CA) and the actual certificate.
 > Microsoft IIS 3.0 and 4.0 require the installation of the Intermediate
 > CA and certificate separately. A Microsoft utility called SGCinst.exe
 > must be ran prior to installation. This utility parses the
 > Intermediate CA from the certificate, installs the Intermediate CA,
 > and creates an output file that excludes the Intermediate CA for
 > installation. For instructions on installing a Secure Site Pro
 > (Global) or Managed PKI for SSL (Premium Edition) certificate, see
 > solution vs1994.
 >
 > This applies to: (Includes, but not limited to) Microsoft IIS 4.0
 > Microsoft IIS 3.0
 > Managed PKI for SSL (Premium Edition)
 > Secure Site Pro (Global) Certificate
 >
 >
 >
 > Comments:
 >
 > Thanks for using VeriSign Knowledgebase
 > </SOLUTION>
 >
 >
 > "Dan Boylett" <parc_erom RemoveThis @crossdata.co.uk> wrote in message
news:<Oe7Ax3d1DHA.2160 RemoveThis @TK2MSFTNGP12.phx.gbl>...
  > > I'm trying to update my verisgn intermediary certificate for two web
  > > servers.
  > > One is on 2011, and there is fine. The other two expired at midnight
last
  > > night.
  > >
  > > When I follow Verisign's instructions I get this message from IIS4 :
  > >
  > > sgcinst: Error in parsing certificate data: 8009310b
  > >
  > > Verisign's very helpful tech desk has told me "In IIS4 we don't know how
to
  > > fix that"
  > >
  > > Anyone else got a suggestion?<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Intermediate SSL certificate on IIS4 

Ah - that's a real shame. I thought the fact that we had experienced
the same 8009310b error on an NT4/IIS4 setup meant that the solution
would be mutual.

I suppose I've been in the game long enough to realise that was a
naive assumption!

Funnily enough we've had a few problems with renewing our Verisign
certs on a number of different setups this week. Particularly fun was
trying to find out why a cert on a W2K/IIS5 setup expired overnight
without warning. Apparently the intermediate cert had expired (we
were neither forewarned of this nor was this rectified in a Windows
Update).
We had to mess around in cert manager under MMC to fix this (a new one
on me!).

Are your root certs and intermediate certs all up to date?

Let me know the URL of the server that's playing up and I'll see if my
browser returns any tell-tale signs of what might be up with your
current setup. Worth a try anyway!

Cheers,
Crispin.


"Kent Meyer" <kent.meyer.RemoveThis@srfc.com> wrote in message news:<#PLAX7e2DHA.2308@TK2MSFTNGP11.phx.gbl>...
 > I have tried this approach as well... Verisign's initial message talked
 > about using SGCINST to install the certificate. SGCINST is how I installed
 > the original security certificate for our site on this server.
 >
 > However, when I try to run the program now it gives me "Error in parsing
 > certificate date: 8009310b." I also got the same error with the 80093005
 > message you mentioned below. I can't get the SGCINST program to generate the
 > output file.
 >
 > This is so frustrating... I know that IIS4 is part of the problem since it
 > is older but it is pretty bad that Verisign is unwilling to help with this!
 > I'm sure I'm not the only one feeling this way!
 >
 > -Kent
 >
 >
 >
 > "Crispin Billson" <crispin.billson.RemoveThis@gissings.co.uk> wrote in message
 > news:78fc7204.0401130103.1c8d5866@posting.google.com...
  > > Try Verisign's own Knowledge Base article VS99 (repeated in full
  > > below) and then MS KB194889.
  > > We were having the exact same problem (and exact error code,
  > > unhelpfully not documented by either Verisign or Microsoft) and this
  > > solution fixed it.
  > >
  > > <SOLUTION>
  > > Solution ID: vs99
  > > Solution Title: Error: "The certificate is invalid. Please
  > > double-check that you have chosen the correct file. CAPI2 error =
  > > 80093005" during installation of a 128-bit certificate
  > > Cause: A required Microsoft utility was not ran prior to installation
  > > of the certificate.
  > >
  > > Symptom: Error: "The certificate is invalid. Please double-check that
  > > you have chosen the correct file. CAPI2 error = 80093004"
  > > Error: CAPI2 error = 80093005
  > > Cannot install certificate
  > > Error occurs during installation
  > >
  > > Resolution: VeriSign's 128-bit certificates include both the
  > > Intermediate Certificate Authority (CA) and the actual certificate.
  > > Microsoft IIS 3.0 and 4.0 require the installation of the Intermediate
  > > CA and certificate separately. A Microsoft utility called SGCinst.exe
  > > must be ran prior to installation. This utility parses the
  > > Intermediate CA from the certificate, installs the Intermediate CA,
  > > and creates an output file that excludes the Intermediate CA for
  > > installation. For instructions on installing a Secure Site Pro
  > > (Global) or Managed PKI for SSL (Premium Edition) certificate, see
  > > solution vs1994.
  > >
  > > This applies to: (Includes, but not limited to) Microsoft IIS 4.0
  > > Microsoft IIS 3.0
  > > Managed PKI for SSL (Premium Edition)
  > > Secure Site Pro (Global) Certificate
  > >
  > >
  > >
  > > Comments:
  > >
  > > Thanks for using VeriSign Knowledgebase
  > > </SOLUTION>
  > >
  > >
  > > "Dan Boylett" <parc_erom.RemoveThis@crossdata.co.uk> wrote in message
 > news:<Oe7Ax3d1DHA.2160.RemoveThis@TK2MSFTNGP12.phx.gbl>...
   > > > I'm trying to update my verisgn intermediary certificate for two web
   > > > servers.
   > > > One is on 2011, and there is fine. The other two expired at midnight
 > last
   > > > night.
   > > >
   > > > When I follow Verisign's instructions I get this message from IIS4 :
   > > >
   > > > sgcinst: Error in parsing certificate data: 8009310b
   > > >
   > > > Verisign's very helpful tech desk has told me "In IIS4 we don't know how
 > to
   > > > fix that"
   > > >
   > > > Anyone else got a suggestion?<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Intermediate SSL certificate on IIS4 

Actually I was able to find ANOTHER Verisign support document (about the 4th
different one on the topic) that explained another alternative way to
register it using the SGCINST program. It also contained a different
certificate chain. I followed this document and all worked well. The addres
is:

<a style='text-decoration: underline;' href="https://www.verisign.com/support/site/caReplacement.html" target="_blank">https://www.verisign.com/support/site/caReplacement.html</a>

This worked like a charmed without a single hitch. I am up to date now and
not getting the expired certificate warning! Yippee!

Thanks for all the help everyone and for the good ideas. At least we finally
found a way to get it to work... funny how it is working differently for
different people.....

Thanks again!
Kent



"Crispin Billson" <crispin.billson DeleteThis @gissings.co.uk> wrote in message
news:78fc7204.0401140357.3ece62bf@posting.google.com...
 > Ah - that's a real shame. I thought the fact that we had experienced
 > the same 8009310b error on an NT4/IIS4 setup meant that the solution
 > would be mutual.
 >
 > I suppose I've been in the game long enough to realise that was a
 > naive assumption!
 >
 > Funnily enough we've had a few problems with renewing our Verisign
 > certs on a number of different setups this week. Particularly fun was
 > trying to find out why a cert on a W2K/IIS5 setup expired overnight
 > without warning. Apparently the intermediate cert had expired (we
 > were neither forewarned of this nor was this rectified in a Windows
 > Update).
 > We had to mess around in cert manager under MMC to fix this (a new one
 > on me!).
 >
 > Are your root certs and intermediate certs all up to date?
 >
 > Let me know the URL of the server that's playing up and I'll see if my
 > browser returns any tell-tale signs of what might be up with your
 > current setup. Worth a try anyway!
 >
 > Cheers,
 > Crispin.
 >
 >
 > "Kent Meyer" <kent.meyer DeleteThis @srfc.com> wrote in message
news:<#PLAX7e2DHA.2308@TK2MSFTNGP11.phx.gbl>...
  > > I have tried this approach as well... Verisign's initial message talked
  > > about using SGCINST to install the certificate. SGCINST is how I
installed
  > > the original security certificate for our site on this server.
  > >
  > > However, when I try to run the program now it gives me "Error in parsing
  > > certificate date: 8009310b." I also got the same error with the 80093005
  > > message you mentioned below. I can't get the SGCINST program to generate
the
  > > output file.
  > >
  > > This is so frustrating... I know that IIS4 is part of the problem since
it
  > > is older but it is pretty bad that Verisign is unwilling to help with
this!
  > > I'm sure I'm not the only one feeling this way!
  > >
  > > -Kent
  > >
  > >
  > >
  > > "Crispin Billson" <crispin.billson DeleteThis @gissings.co.uk> wrote in message
  > > news:78fc7204.0401130103.1c8d5866@posting.google.com...
   > > > Try Verisign's own Knowledge Base article VS99 (repeated in full
   > > > below) and then MS KB194889.
   > > > We were having the exact same problem (and exact error code,
   > > > unhelpfully not documented by either Verisign or Microsoft) and this
   > > > solution fixed it.
   > > >
   > > > <SOLUTION>
   > > > Solution ID: vs99
   > > > Solution Title: Error: "The certificate is invalid. Please
   > > > double-check that you have chosen the correct file. CAPI2 error =
   > > > 80093005" during installation of a 128-bit certificate
   > > > Cause: A required Microsoft utility was not ran prior to installation
   > > > of the certificate.
   > > >
   > > > Symptom: Error: "The certificate is invalid. Please double-check that
   > > > you have chosen the correct file. CAPI2 error = 80093004"
   > > > Error: CAPI2 error = 80093005
   > > > Cannot install certificate
   > > > Error occurs during installation
   > > >
   > > > Resolution: VeriSign's 128-bit certificates include both the
   > > > Intermediate Certificate Authority (CA) and the actual certificate.
   > > > Microsoft IIS 3.0 and 4.0 require the installation of the Intermediate
   > > > CA and certificate separately. A Microsoft utility called SGCinst.exe
   > > > must be ran prior to installation. This utility parses the
   > > > Intermediate CA from the certificate, installs the Intermediate CA,
   > > > and creates an output file that excludes the Intermediate CA for
   > > > installation. For instructions on installing a Secure Site Pro
   > > > (Global) or Managed PKI for SSL (Premium Edition) certificate, see
   > > > solution vs1994.
   > > >
   > > > This applies to: (Includes, but not limited to) Microsoft IIS 4.0
   > > > Microsoft IIS 3.0
   > > > Managed PKI for SSL (Premium Edition)
   > > > Secure Site Pro (Global) Certificate
   > > >
   > > >
   > > >
   > > > Comments:
   > > >
   > > > Thanks for using VeriSign Knowledgebase
   > > > </SOLUTION>
   > > >
   > > >
   > > > "Dan Boylett" <parc_erom DeleteThis @crossdata.co.uk> wrote in message
  > > news:<Oe7Ax3d1DHA.2160 DeleteThis @TK2MSFTNGP12.phx.gbl>...
   > > > > I'm trying to update my verisgn intermediary certificate for two web
   > > > > servers.
   > > > > One is on 2011, and there is fine. The other two expired at midnight
  > > last
   > > > > night.
   > > > >
   > > > > When I follow Verisign's instructions I get this message from IIS4 :
   > > > >
   > > > > sgcinst: Error in parsing certificate data: 8009310b
   > > > >
   > > > > Verisign's very helpful tech desk has told me "In IIS4 we don't know
how
  > > to
   > > > > fix that"
   > > > >
   > > > > Anyone else got a suggestion?<!-- ~MESSAGE_AFTER~ -->
 >> Stay informed about: Intermediate SSL certificate on IIS4