I'm considering an Internal CA to facilitate a more secure VPN Remote Access for a handful of users who mainly work away from the office. They will need access to Exchange email and possibly some shares on a file server.
Can I publish CRL and Delta CRL to a web server which is NOT domain joined and resides in a DMZ or even a standalone Azure VM?
If it's possible any chance of some basic instructions or steps I would need to take to get the Issuing CA to talk to the Web server?
Alternatively, is SSTP enough with a public trusted cert?
Or is there a better way altogether?
Thanks for your time, as always, it's appreciated