IIS 7 Certificate Request Completion breaking with “ASN1 bad tag value met 0x8009310b”

Only took a couple quick searches Googling with Bing, but in IIS 7 if you create a request for a certificate, create it by a CA and then complete the request, and find it blows up with this message box:

CertEnroll::CX509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b (ASN: 267)

All it means is that the CA that issued the certificate isn’t trusted on the server.  I came across this in a test environment I was building.  I had a Domain with CA Services, and a server that existed outside the domain.  I used the domain CA to create the certificate, but because the web server wasn’t part of the domain, it didn’t trust the CA.

My fix was to add the CA as a trusted Root Authority on the web server.