Hello Everyone!
This is my first post to the security forum and it is not an overly familiar tech for me so please be gentle. :)
I am looking at building a lab to test a web-based application for a client. The client has very stringent security requirements and as such has mandated that the web server be secured using SSL certs and that the connecting users have a certificate. The infrastructure will be hosted in a central DC in its own AD forest, whilst the users connecting in will have their own AD as they work for different companies. Each user will have an AD account within the hosted environment. My initial thought was to provide public certs for the web servers, but my problem was providing certificates to the clients. Clearly using public certs would be very expensive. After a bit of research I stumbled across the following:
http://blogs.technet.com/b/askds/archive/2010/05/25/enabling-cep-and-ces-for-enrolling-non-domain-joined-computers-for-certificates.aspx
What I am trying to understand is: will the combination of Certificate Services and CES/CEP effectively do away with the need for public certs in this instance? Can I simply use the internal authority to publish certificates to the web server and to the end users?
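As an added example (not from the original post or the linked TechNet article), this is roughly what the CEP/CES enrollment the post describes looks like from the two ends: a non-domain-joined Windows client requesting a client-authentication certificate from the hosted forest's CA with its hosted AD account, and the IIS site in the hosted forest being set to require that certificate. The hostname, template name, account name, root certificate file and IIS site name are all assumptions; the CEP virtual-directory path is the default one created for username/password authentication. Everything here needs the Windows 8 / Server 2012 PKI and WebAdministration modules or later.

```powershell
# Added example, not code from the original post. Names below are assumed.

# ---- On the non-domain-joined client (the external user's machine) ----

# A non-domain-joined box never receives the internal root via Group Policy, so the
# hosted forest's root CA cert must be imported first. Without it the client will
# not even trust the HTTPS endpoint that CEP/CES is published on.
Import-Certificate -FilePath '.\hosted-root.cer' -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# CEP endpoint for username/password authentication (default virtual directory
# for that auth type; hostname assumed). CEP hands back the template and the CES
# URL, then CES forwards the request to the CA.
$cepUrl = 'https://cep.hosted.example.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP'

# The account in the hosted forest that each external user was given (assumed name).
$cred = Get-Credential -UserName 'HOSTED\jsmith' -Message 'Hosted-forest account used for enrollment'

# Request a certificate from the (assumed) client-auth template into the user's store.
$result = Get-Certificate -Template 'HostedClientAuth' -Url $cepUrl `
                          -Credential $cred -CertStoreLocation 'Cert:\CurrentUser\My'

# Status is 'Issued' only if the CA auto-approved; 'Pending' means a CA manager
# must approve it and Get-Certificate has to be re-run with -Request later.
if ($result.Status -ne 'Issued') {
    throw "Enrollment not completed: status is $($result.Status)"
}
$cert = $result.Certificate

# Two checks worth making before trusting the lab setup:
# 1. the issued cert carries the Client Authentication EKU (1.3.6.1.5.5.7.3.2),
#    otherwise IIS will reject it during the TLS client-cert negotiation.
$ekuExt = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasClientAuthEku = ($ekuExt -ne $null) -and
    (@($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.2')

# 2. the chain builds to the imported internal root on this machine.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chainOk = $chain.Build($cert)

"Client-auth EKU present: $hasClientAuthEku; chain builds to trusted root: $chainOk"

# ---- On the IIS web server in the hosted forest ----

Import-Module WebAdministration

# Require a client certificate on the (assumed) site. SslNegotiateCert makes IIS ask
# for one; SslRequireCert makes the handshake fail without one. If this errors with a
# locked-section message, unlock system.webServer/security/access at the server level.
Set-WebConfigurationProperty -PSPath 'IIS:\Sites\ClientApp' `
    -Filter 'system.webServer/security/access' `
    -Name 'sslFlags' -Value 'Ssl,SslNegotiateCert,SslRequireCert'
```

Note that IIS only checks that the presented client certificate chains to a root in the server's trusted root store; it does not by itself tie the certificate to the user's AD account. Mapping the certificate to that account is a separate step (IIS client certificate mapping or application-level checks on the subject/UPN), which is the part to test once enrollment itself works.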