Requesting certificates via the Certificate Authority Web Enrollment (CAWE) fails with HTTP error code 403 "Forbidden: Access is denied."

Assume the following scenario:

  • A Certificate Authority Web Enrollment (CAWE) server is installed on the network.
  • The role is installed on a separate server, not on the certification authority directly.
  • A user attempts to request a certificate via the certification authority web enrollment or submit an existing certificate request to the certification authority.
  • The user's login to CAWE fails with HTTP code 403 "Forbidden: Access is denied." and the following message:
    "You do not have permission to view this directory or page using the credentials that you supplied."

Certificate Authority Web Enrollment is a very old feature dating from the Windows 2000 era and was last adapted with the release of Windows Server 2003. Accordingly, the code is old and potentially insecure. The feature also does not support certificate templates with version 3 or newer, which means that certificate templates using functions introduced with Windows Vista / Windows Server 2008 or newer cannot be used. It is recommended that you do not use Certificate Authority Web Enrollment and instead request certificates with built-in tools or the PSCertificateEnrollment PowerShell module.

Possible causes:

  • If CAWE is configured for use via SSL, check whether the address was called without SSL ("http" prefix) and whether the call with the "https" prefix succeeds. It is common and sensible to disallow connections to CAWE without SSL.
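
To confirm this cause on the server side, the following added example (not part of the original article) scans an IIS W3C log for 403 responses to the CAWE pages and separates sub-status 403.4 ("SSL required") from other 403s. The default /certsrv virtual directory, the selected log fields and the log lines themselves are assumptions constructed for illustration.

```python
# Added example: find 403 responses for the CAWE pages in an IIS W3C log.
# Assumptions: default /certsrv virtual directory; IIS sub-status 403.4
# means "SSL required". The log lines below are constructed sample data.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem s-port cs-username c-ip sc-status sc-substatus sc-win32-status
2024-01-15 09:12:01 192.0.2.10 GET /certsrv/ 80 - 192.0.2.55 403 4 5
2024-01-15 09:12:20 192.0.2.10 GET /certsrv/ 443 EXAMPLE\alice 192.0.2.55 200 0 0
2024-01-15 09:13:02 192.0.2.10 GET /certsrv/certrqxt.asp 443 - 192.0.2.77 401 2 5
2024-01-15 09:14:10 192.0.2.10 GET /CertSrv/ 443 EXAMPLE\bob 192.0.2.77 403 14 5
"""


def parse_w3c(text):
    """Yield one dict per request; column names come from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def cawe_403_report(text, prefix="/certsrv"):
    """Split 403s under `prefix` into (ssl_required, other_403) lists."""
    ssl_required, other = [], []
    for entry in parse_w3c(text):
        if not entry.get("cs-uri-stem", "").lower().startswith(prefix):
            continue
        if entry.get("sc-status") != "403":
            continue
        if entry.get("sc-substatus") == "4":
            ssl_required.append(entry)
        else:
            other.append(entry)
    return ssl_required, other


if __name__ == "__main__":
    ssl_required, other = cawe_403_report(SAMPLE_LOG)
    for e in ssl_required:
        print(f"{e['date']} {e['time']} {e['c-ip']} port {e['s-port']}: "
              "403.4, client used http, retry with https")
    for e in other:
        print(f"{e['date']} {e['time']} {e['c-ip']} port {e['s-port']}: "
              f"403.{e['sc-substatus']}, not an SSL-required rejection")
```

A 403 with a sub-status other than 4 points to a different cause than the missing "https" prefix.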
