I am looking to stand up a PKI in a few months and have a general question. I have many internal applications that have a web GUI accessible by HTTPS via DNS name.
Let's say my company is brookshire.com. We access https://app1.brookshire.com
and accept the certificate error that is displayed on IE.
I want this error to go away because it is teaching users the wrong thing to do by just bypassing an SSL certificate warning.
With a PKI what kind of certificate would be issued to the application server? Is it called a server cert? Or do I have to make the application servers a subordinate CA?
Will the clients need to have the PKI root cert installed onto their trusted cert authority store?