dimanche 3 avril 2011 20:52Hello, I have been trying for two days now trying to access windows 2008 certificate server "https://localhost/certsrv" with no luck. I've removed certificate services and IIS and reinstalled but still no luck. Can someone assist me with this. I am at a loss.
Toutes les réponses
lundi 4 avril 2011 12:48
Do you see the certsvc virtual directory in IIS-Manager?
If not, did you install ADCS-Webservices?
I think you don't use a proxy, am I right?
- Proposé comme réponse kkaushal17 mercredi 11 juillet 2012 09:46
jeudi 7 avril 2011 14:17
is the default web service started? Maybe another site use the same port as the default web service, so the site was stopped. So you have to change the port or temporary deactivate the other site
vendredi 8 avril 2011 05:12Modérateur
Any updates on this issue?
Have you verified the settings as mentioned above?
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
mardi 28 juin 2011 14:51
I'm having the same problem. I have also tried uninstalling/reinstalling both the CA and IIS. In anwser to the question above, I see the virtual directory /CertEnroll only. When I tried to add /CertSrv I get an error "....already exists..." Initially I thought the problem was related to the domain controllers certificate, since regardless of how I try, I can't create the certificate without having the computer name in the subject ie CN=myserver.csptest.testdomain.com, as apposed to CN=csptest.testdomain.com. Attempts to influnce the name have no effect. According to the documentation the complete name must appear in either Subject Alternate or Subject but adding Subject:CN=csptest.testdomain.com; Subject Alternate:myserver.csptest.testdomain.com will still create a certificate that as the computer dns name.
I can't access the CA's web pages using http://csptest.testdomain.com/CertSrv yields access forbidden the https://csptest.testdomain.com/CertSrv yields the error "....the pages cannot be displayed..."
I have verified that the CA is working. I can access all http pages and issue certificates. But I cannot access the CA using the web pages nor can I access any other secure site using https.
Can someone help me?
vendredi 22 juillet 2011 18:38
Might be obvious but did you install the "Certificate Authority Web Enrollment" role service together with the CA?
Technical Specialist Microsoft OCS/Lync & UC Voice Specialisation - http://www.uwictpartner.be
If you think my post is the answer to your question, please mark it as answer so future visitors can easily find it.
lundi 14 novembre 2011 15:41I dont think he could have access the site trhough http without that role service...
mercredi 11 janvier 2012 07:40
I have the same issue. This is a test environment, fresh build from scratch.
All Servers are 2008R2 SP1
ALL Clients are Win7 Ultimate SP1
All are fully patched with all updates.
Installed the CA role and web Enrollment.
I cannot access the HTTPS version of the site from IIS, can only access the HTTP version. I'm stumped.
Any assistance greatly appreciated
I found the solution (In my case at least)
On the Cert Server:
Go to IIS and make a new request for a domain certificate as follows:
1. IIS, expand so you can see the server name
2. In the main window, double click on "Server Certificates"
3. In the action pane, click on "Create Domain Certificate"
4. Enter relevant details. Restart IIS and then the HTTPS website will appear in the list of sites to browse within IIS.
What I am not sure of is why this needed to be done. I would have expected this as "a given" through the installation process.
However, this is a network installed for learning so I guess I am doing just that!
Hope this helps put someone else in the right direction.
- Modifié Joner39 mercredi 11 janvier 2012 13:56 More Information
jeudi 12 avril 2012 23:40
I've had this same issue and the problem was that I had logged in with a local account (<Username> + <Password>).
Assuming you are joined to a domain, to resolve the issue, uninstall your CA role and services, log in with a domain profile instead (ie <Username@domain.com>+<Password>), reinstall CA role and services.
you should now be able to access localhost/certserv to issue your cert.
The key is you must log in with a domain profile to administer domain functions.
- Proposé comme réponse Dan_L_Hansen jeudi 12 avril 2012 23:40
vendredi 18 mai 2012 16:44
Might not be the same problem your having, but I ran into this:
My 2008R2 install puts the code needed for the "Certificate Authority Web Enrollment" service into the "C:\Windows\System32\certsrv\en-US" directory. So the default URL is http://localhost/CertSrv/en-us not http://localhost/CertSrv.
If you want to make it use the http://localhost/CertSrv, copy all the files from the "en-US" directory to the certserv directory. Then modify the default.asp file located in the certsrv directory as follows:
Open the file in notepad, and find the line at the top that looks like this: <!-- #include FILE="..\certdat.inc" -->
edit that line to make it look like this: <!-- #include FILE="certdat.inc" -->
Your just changing the relative path where IIS looks for the certdat.inc file. It exists in the certsrv directory, so you have to tell IIS to look in its current directory rather than the one above it.
this worked for me. Hope it helps you.
- Proposé comme réponse rexif vendredi 18 mai 2012 16:52
lundi 21 mai 2012 03:42
This may seem a tad simple but I'm currently doing exercise labs on a virtual machine and I was having this very problem. That is until I realized that I was attempting to access http://localhost/certsrv on the client computer instead of the Server machine. After switching to the Server it brought up the certificate host no problem.
I realize this was posted almost a month ago but if anyone else has this issue and comes here make sure you are on the server or domain controller when attempting to access the certsrv.
mercredi 22 août 2012 12:43
I realize this is an old forum, but I had the same issue and finally figured out the problem. I needed to create a self-signed certificate and bind the ssl port (443) to the new self-signed certificate rather than binding it to the CA Root Certificate. Both links below describe the fix. Hope this helps others and have a great Sys Admin Day!!