The Certification Authority Web Enrollment is the webpage where you can logon to request certificated or download crls from your CA. One of my challenges today was that a newly installed issuing CA was unable to configure the Web enrollment webpage correctly. No matter what I did I always got the “403.14 – Forbidden” error.

After quite a bit of troubleshooting, including removing and re-adding roles using both Server Manager and powershell and reboots between the steps I was no closer to a solution. One of my Google-searches lead me to http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_26623918.html where he suggests to check that default.asp is located in the path C:\Windows\System32\CertSrv\en-US.

I had the file and everything there was correct, but that lead the to check the path of the website itself. For some reason IIS kept linking the /certsrv site to C:\Windows\System32\CertSrv which is the parent folder, so as soon as I changed the path from C:\Windows\System32\CertSrv to C:\Windows\System32\CertSrv\en-US in IIS everything was ok.

cawebenroll