My situation is this: I have SCCM 2012 R2 and we want to enable Internet Based Management.
My company does not have an existing PKI infra but we do have a CA for things like Lync and Exchange 2010. The issue come in where the CA was built on 2003 Standard, not Enterprise so I cannot publish the templates.
I know the answer seems pretty simple, upgrade the 2003 box to Enterprise OR better yet, a 2012 server. HOWEVER, here's the tricky part; My systems team does not want to change anything because;
1. It's working right now.
2. We don't have a lot of server VM or Hardware resources remaining
3. We have an AD Upgrade project for next year so they're not interested in doing anything twice.
4. Office politics (sigh, I know)
What I do have is a small Hyper-V environment that I use for testing but I can stand up my own Enterprise or 2012 Server.
Could I do an Enterprise CA as a Subordinate and be able to publish the certificate templates I need to do internet client management? Then when the AD project rolls out, this server could be phased out?