The Web Site for the CA Must be Configured to use HTTPS
KB ID 0000838 Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...
Certsrv: Can Only See User and Basic EFS
KB ID 0001552 Problem When connected to the Web Enrolment portal (Certsrv) for your Certificate Services, you attempt to submit a certificate request. But you only see User and Basic EFS under Certificate Templates, like so; Solution I’ve done this myself many times, usually you are looking for the ‘Web Server’ template and it’s not there, so we will use that as an example. Go to your CA Server. Windows Server...
Windows Certificate Services ‘certsrv’ Website displays 403.14
KB ID 0001342 Problem I seem to get all the PKI/Certificate services problems! Yesterday I was trying to use the web enrolment portal on a certificate services server, and could not get in locally, (or remotely) via http, (or https) it simply showed me a 403.14 error. HTTP Error 403.14 Forbidden Solution This was an odd one, in IIS Manager select the ‘Certsrv’ virtual directory > Advanced Options > And look at the...
Server 2012 – Certificate Services – ‘HTTP Error 403.14 – Forbidden’
KB ID 0001067 Problem I spun up a new Certificate Services server on my test network today, because I needed to issue some certificates for something I’m working on. It was a pretty vanilla build, just the Certificate Services role, and the Web Enrollment feature. Solution I spent a while searching this one down, as you can see (above) it was showing me the root cause of the problem. The page you normally see when you log into...
SBS Exchange Certificate Expired
KB ID 0000535 Problem When you setup SBS2008 (and Exchange 2007) it creates and uses a self signed certificate, which is fine. But by default it only lasts two years. The best option is to buy a proper certificate, but if you simply want to generate a new one here’s how to do it. Solution 1. Here you can see your certificate has expired. 2. Normally you need to access your certificate services web enrolment console to carry this...