Hi,
We are running Windows server 2008 R2 Active directory domain. Planning to implement single sign on solution for an application. However, all of our clients are running Mac and they do not join to the AD domain. The application supports an alternative solution by importing X.509 user certificate for AD domain single sign on. Here is my questions and hope someone can help me out..
In AD CS, there are Enterprise and Standalone CA option to choose. Does Standalone CA option able to generate user certificate from AD Domain user account? (I assume the user will need to have their user certificate with their AD Domain account information for single sign on) What is the main difference between Enterprise and Standalone CA?
After AD CS is installed and configured. How to create user certificate from AD Domain user account? When I created server certificate in the past, the requirement would be Full Qualified Domain Name etc... But for submitting a CSR and creating user certificate, what does it need?
Thanks.