I have an AD CA on server1 which provides certificate services for an internal domain - domain.local. I have a member server on which I have a web application running. This web application will be used by clients outside of the organisation, and so I would like to enforce the use of client certificates to authenticate users for this application. These outside clients will need to use a publicly visible domain name in order to access the application - domain.co.uk.
In order for all of this to work properly, I think I need to create a standalone root CA for the domain.co.uk domain, and this needs to be installed on a different server to the one I am currently using as an AD CA. I then need to place a certificate on my web server provided by this CA, and then issue clients with certificates from this same CA. Am I correct? If so, at what point of the installation of the CA, or where do I configure, the domain.co.uk domain name to be attached to the certificates?
Many thanks for any help anyone can offer.
Alan Moseley