I am looking into setting up an internal CA on our domain. Our domain is Windows 2003 based; however, I am planning on building the certificate authority server on Windows 2008 R2. I really want to keep this as simple as possible, and we are setting this up for only 2 reasons:
1. To allow domain users to update their password when logging in via a FortiGate firewall (SSL VPN) - LDAPS communication is needed between the FortiGate and the chosen AD (LDAP) server.
2. To support 802.1X authentication using PEAP for internal Wi-Fi users.
I am not sure whether to go for a Standalone or Enterprise CA. I am thinking more along the lines of an Enterprise CA because this will allow the certs to be distributed via Active Directory. However, if I could use a Standalone CA it would make it easier, as I won't have to mess about with templates. However, I am open to advice on what is the better long-term solution. Also, note that I don't really want to use intermediates or subordinates either.