Hello everyone,
We are using a software platform (Citrix XenMobile), that allows us to use LDAP to authenticate with its web console.
We can setup LDAPS, which I would prefer, however it requires a certificate to import.
We have an internal CA that is currently not accessible externally.
Is it normal/standard to setup an external path to our internal CA, configure our CA to use the external FQDN in its CRL, to then issue certificates to external clients? Or is this a security hole?
I believe our CA is just a standalone internal CA that signs for our internal AD domain, and at the moment is only using its internal FQDN for CRL.