Can anyone point me in the direction of a step-by-step guide for issuing a user certificate to a non-domain user account such as you would find on a non-domain joined computer in a DMZ environment?
The end-goal is to map the user certificate to a user account on a local server that is not domain joined to use with WinRM service so that a client administrator machine can use certificate for authentication and user impersonation using certificatethumbprint.
I have a working AD CS running under Windows Server Essentials 2012 and can issue a computer certificate in the scenario mentioned above but I can't create a user cert from a CSR created on the workgroup machine. When supplying the CSR to the AD CS using web interface it issues a user cert based on the user that is used to auth to the AD CS web-serivce.
Many thanks in advance
Paul