Any PKI gurus out there? This seems minor but wanted to get some advice. I've never set up PKI before so keep that in mind. DFL/FFL 2008 R2, but all PKI components are on 2012 R2.

Have all the components installed and we have 2 servers that act as OCSP Responders and Web Enrollment boxes. When I tried to navigate to the web enrollment page (https://servername/certsrv) I got a 403 access denied message. After doing some Googling, I found this blog post:

https://social.technet.microsoft.com/Forums/windows/en-US/66cdefa0-2e82-4973-8d07-a479f69a227d/adcs-certification-authority-web-enrollment-http-error-40314-forbidden?forum=winserversecurity

And I checked our installation and that seems to be the same situation. If I navigate to this URL (https://servername/certsrv/en-US/default.asp), it works as expected. And looking at the physical path property of the CertSrv application in IIS, seems to back this up:

[inline image]

Should the path be (C:\Windows\system32\CertSrv\en-US)? Do I need to modify that? From what I'm reading this should just work. The path should have been correct. Did something modify this?

Part of the problem is that I got pulled into this project, so I didn't build any of it. So I'm not sure how all this was built. From what I'm seeing everything else seems to be correct, but I'm still getting up to speed.

Appreciate any help.

Thanks

Christopher Bodnar
Enterprise Architect II, Corporate Office of Technology: Enterprise Architecture and Engineering Services
The Guardian Life Insurance Company of America

