I was recently on a customers site, implimenting a new 2 tier PKI. For the install the customer had provisioned 2 new virtual Windows 2012 R2 servers for the Issuing CA role.

I was completing the install and configuration. Part of this is to configure the default web site with an SSL certificate to allow for the secure access and requesting of certificate from the “certsrv” virtual directory.

However when we tested the site we was getting the following error – HTTP Error 403.14 – Forbidden

On reviewing Default Website > CertSrv > Advanced Settings.

The physical path was set to C:WindowsSystem32CertSrv this was incorrect and should be set to C:WindowsSystem32CertSrven-US

On changing the physical path and doing an “iisreset” in an administritive cmd prompt. All was good again.