Thursday, March 29, 2018

IIS certificate completion failure 0x80094004

I had this error brought up to me recently as someone was trying to install a certificate that was issued and sent along with CA chain links.  Often certificate providers will include multiple formats as well as certificate chain information, which can lead to some confusion among application owners that aren't so familiar with all aspects of PKI.  Unfortunately this is usually necessary as many different systems have different requirements for setting up certificates, some of which include the need to manually import the chain.

This particular error suggests something is wrong with a detail on the certificate.  After discussing with the application team that was doing the install, it turned out they were trying to complete the request with one of the certificate authority certificates instead of the certificate that was issued for the CSR request.  After clarifying the matter, they were able to install the correct certificate without any issue.