To set security for access to certification authority Web pages

1. Log on to the system as an Administrator.
2. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
3. In the console tree, right-click CertSrv, and click Properties..
   • Internet Information Services
   • computer name
   • Default Web Site
   • CertSrv
4. On the Directory Security tab, under Anonymous access and authentication control, click Edit.
5. Clear all check boxes except Integrated Windows authentication.

Important

• An enterprise certification authority (CA) requires that the certificate requester be authenticated by the page so that it can determine the correct information to put in the certificate. If you don't have authentication set for the Web pages in an enterprise CA, then the pages will fail to generate a certificate or, if a certificate is generated, it will be useless. For this reason, integrated Windows authentication is set by default on enterprise CAs. This procedure is provided so that you can confirm the default setting or fix an erroneous change to the IIS Directory Security settings for an enterprise certification authority.

Notes

• You do not need to perform this procedure on a stand-alone certification authority.
• If you cannot locate CertSrv in the console tree, confirm that Certificate Services is installed.
• If Certificate Services is installed and the CertSrv virtual directory doesn't exist, run certutil -vroot from the command prompt to create it.