Set security for access to certification authority Web pages
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To set security for access to certification authority Web pages
Log on to the system as an Internet Information Services Administrator.
Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services.
In the console tree, right-click CertSrv, and click Properties.
Where?
- Internet Information Services/Computer Name/Web Sites/Default Web Site/CertSrv
On the Directory Security tab, under Anonymous access and authentication control, click Edit.
Clear all check boxes exceptIntegrated Windows authentication.
Important
- An enterprise certification authority (CA) requires that the certificate requester be authenticated by the page so that it can determine the correct information to put in the certificate. If you don't have authentication set for the Web pages in an enterprise CA, then the pages will fail to generate a certificate or, if a certificate is generated, it will be useless. For this reason, integrated Windows authentication is set by default on enterprise CAs. This procedure is provided so that you can confirm the default setting or fix an erroneous change to the IIS Directory Security settings for an enterprise certification authority.
Notes
You do not need to perform this procedure on a stand-alone certification authority.
If you cannot locate CertSrv in the console tree, confirm that Certificate Services is installed.
If Certificate Services is installed and the CertSrv virtual directory doesn't exist, run certutil -vroot from the command prompt to create it.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.