Do you see the certsvc virtual directory in IIS-Manager?
If not, did you install ADCS-Webservices?
I think you don't use a proxy, am I right?
Hello,
is the default web service started? Maybe another site use the same port as the default web service, so the site was stopped. So you have to change the port or temporary deactivate the other site
Hi,
Any updates on this issue?
Have you verified the settings as mentioned above?
Regards,
Hello,
I'm having the same problem. I have also tried uninstalling/reinstalling both the CA and IIS. In anwser to the question above, I see the virtual directory /CertEnroll only. When I tried to add /CertSrv I get an error "....already exists..." Initially I thought the problem was related to the domain controllers certificate, since regardless of how I try, I can't create the certificate without having the computer name in the subject ie CN=myserver.csptest.testdomain.com, as apposed to CN=csptest.testdomain.com. Attempts to influnce the name have no effect. According to the documentation the complete name must appear in either Subject Alternate or Subject but adding Subject:CN=csptest.testdomain.com; Subject Alternate:myserver.csptest.testdomain.com will still create a certificate that as the computer dns name.
I can't access the CA's web pages using http://csptest.testdomain.com/CertSrv yields access forbidden the https://csptest.testdomain.com/CertSrv yields the error "....the pages cannot be displayed..."
I have verified that the CA is working. I can access all http pages and issue certificates. But I cannot access the CA using the web pages nor can I access any other secure site using https.
Can someone help me?
Regards,
Robert
Might be obvious but did you install the "Certificate Authority Web Enrollment" role service together with the CA?
Hi ll,
I have the same issue. This is a test environment, fresh build from scratch.
All Servers are 2008R2 SP1
ALL Clients are Win7 Ultimate SP1
All are fully patched with all updates.
Installed the CA role and web Enrollment.
I cannot access the HTTPS version of the site from IIS, can only access the HTTP version. I'm stumped.
Any assistance greatly appreciated
Cheers
***UPDATE***
I found the solution (In my case at least)
On the Cert Server:
Go to IIS and make a new request for a domain certificate as follows:
1. IIS, expand so you can see the server name
2. In the main window, double click on "Server Certificates"
3. In the action pane, click on "Create Domain Certificate"
4. Enter relevant details. Restart IIS and then the HTTPS website will appear in the list of sites to browse within IIS.
What I am not sure of is why this needed to be done. I would have expected this as "a given" through the installation process.
However, this is a network installed for learning so I guess I am doing just that!
Hope this helps put someone else in the right direction.
Hi All,
I've had this same issue and the problem was that I had logged in with a local account (<Username> + <Password>).
Assuming you are joined to a domain, to resolve the issue, uninstall your CA role and services, log in with a domain profile instead (ie <Username@domain.com>+<Password>), reinstall CA role and services.
you should now be able to access localhost/certserv to issue your cert.
The key is you must log in with a domain profile to administer domain functions.
Regards,
- Dan
Might not be the same problem your having, but I ran into this:
My 2008R2 install puts the code needed for the "Certificate Authority Web Enrollment" service into the "C:\Windows\System32\certsrv\en-US" directory. So the default URL is http://localhost/CertSrv/en-us not http://localhost/CertSrv.
If you want to make it use the http://localhost/CertSrv, copy all the files from the "en-US" directory to the certserv directory. Then modify the default.asp file located in the certsrv directory as follows:
Open the file in notepad, and find the line at the top that looks like this: <!-- #include FILE="..\certdat.inc" -->
edit that line to make it look like this: <!-- #include FILE="certdat.inc" -->
Your just changing the relative path where IIS looks for the certdat.inc file. It exists in the certsrv directory, so you have to tell IIS to look in its current directory rather than the one above it.
this worked for me. Hope it helps you.
This may seem a tad simple but I'm currently doing exercise labs on a virtual machine and I was having this very problem. That is until I realized that I was attempting to access http://localhost/certsrv on the client computer instead of the Server machine. After switching to the Server it brought up the certificate host no problem.
I realize this was posted almost a month ago but if anyone else has this issue and comes here make sure you are on the server or domain controller when attempting to access the certsrv.
I realize this is an old forum, but I had the same issue and finally figured out the problem. I needed to create a self-signed certificate and bind the ssl port (443) to the new self-signed certificate rather than binding it to the CA Root Certificate. Both links below describe the fix. Hope this helps others and have a great Sys Admin Day!!
http://blogs.msdn.com/b/rakkimk/archive/2007/05/25/iis-7-how-to-configure-a-website-for-https.aspx
http://learn.iis.net/page.aspx/144/how-to-set-up-ssl-on-iis/
Have you had any success with your problem? I am having issues with a 2003 Exchange box I am using. I tried to go to http://server/certsrv and it gives me a 404 error. If I use http://server/certsrv, it tells me it is a secure server and needs the https://.
http://www.msexchange.org/articles-tutorials/exchange-server-2003/security-message-hygiene/SSL_Enabling_OWA_2003.html
I followed the above link to the letter. I am wondering if maybe I should have been putting in the address of the Domain Controller. When I try for the Exchange server, it says, not available, or busy.
Any help would be much appreciated . Thanks!
Here is a small blog for Troubleshooting PKI
and here is the White paper for the web enrollement service
http://www.microsoft.com/en-us/download/details.aspx?id=1746
Fo higher security I allways use https for my PKI Services
Hey all, i was able to fix it by doing 2 things.
1) create the new domain cert under as described by Joner29 above
2) use the following URL: Https://<server ip>/certsrv/default.asp
i am sure there is a way to tell IIS to do the redirect but i am not really trying to learn IIS, just trying to download my CRL :)