If the directory where your Microsoft Certificate Server certificates are stored cannot be read by KM server when you enable V3 certificates, the following error can occur.
The Key Management Server was not able to complete a security operation because it was not able to contact the certificate server. Make sure the certificate server is operating and that the Key Management Server can gain access to it.
The service account that KM server runs under must be granted Read access to the directory where your Certificate Server certificates are stored. This directory should be shared to the Windows NT Everyone account as readable. If KM server is installed in one domain and your Microsoft Certificate Server computer is in another domain, KM server must be able to read the shared directory. You must set up the domain's trust relationships appropriately to ensure the folder is readable.