CAWeb Enrollment error 403.14

A short blogpost about my PKI/IIS challenge today


The Certification Authority Web Enrollment is the webpage where you can logon to request certificated or download crls from your CA. One of my challenges today was that a newly installed issuing CA was unable to configure the Web enrollment webpage correctly. No matter what I did I always got the “403.14 – Forbidden” error.

After quite a bit of troubleshooting, including removing and re-adding roles using both Server Manager and powershell and reboots between the steps I was no closer to a solution. One of my Google-searches lead me to where he suggests to check that default.asp is located in the path C:WindowsSystem32CertSrven-US.

I had the file and everything there was correct, but that lead the to check the path of the website itself. For some reason IIS kept linking the /certsrv site to C:WindowsSystem32CertSrv which is the parent folder, so as soon as I changed the path from C:WindowsSystem32CertSrv to C:WindowsSystem32CertSrven-US in IIS…

View original post 3 more words