i'm bit new to ADCS, there was a issue raised from our client saying the certificate Web enrollment page is accessible for anyone connected to network. It works this way, 1) accessing the URL https://xx.xx.xx.xx/certsrv/Default.asp, this URL doesn't have HTTPS and shows up a warning have to proceed unsafe 2) Passing through (continue to website) the HTTP connection establishes and browser asks for authentication (username , password) and 2 options,"submit" and "cancel" 3) When hit on Cancel it shows authentication denied error with error code 404. 4) At this point by hitting on refresh it lands on Web Enrollment page instead of asking for authentication again, which is a authentication by-pass. This works successfully for every user, especially on Chrome and Internet Explorer and fails on Firefox browser. What exactly could be happening?, how can this be fixed?