Windows Server 2012 Certification Authority’In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication’


KB ID 0000838 Dtd 03/08/13


When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error.

In order to complete certificate enrollment, the Web site for the CA

In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication


The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’ from your client machine if you are in a hurry.

Make Internet Explorer Work Without Error

Note: This would need to be done on every machine that you wanted to access the Certificate Services web portal from.

1. From within Internet Explorer > Internet Options > Security > Trusted Sites > Sites.

Edit Trusted Sites

2. Untick ‘Require server verification (https:) for all sites in this zone’ > Then add in the URL of the CA > Close.

Add to Trusted Sites

3. With Trusted sites still selected > Custom level > ‘Initialize and script ActiveX controls not marked as safe for scripting’ > Enable > OK > Yes.

Initialize and script ActiveX controls

4. Restart the browser and try again.

2012 CA Web

Set IIS to serve Certificate Services Securely (via https).

This assumes you have your CA and the web portal installed correctly.

1. On the Certificate Services Server > Launch IIS Manager > Expand {server-name} > Sites > Default Web Site > Right Click > Edit Bindings > https > Edit > Select the self signed server certificate [NOT the CA ONE] > OK.

IIS Edit Bindings

2. Expand Default Web Site > Certsrv > SSL Settings.

2012 Cert Services require https

3. Tick ‘Require SSL’ > Apply.

Certsrv Require SSL

4. That should be all you need, if it does not take effect straight away then drop to command line and run iisreset /noforce.

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On