server 2016 install certificate services without active directory

RimFire007
RimFire007 used Ask the Experts™
on
I need to install a web-service related Win 2016 std / IIS server on the DMZ. We will use public SSL certificate on that. It will then query data form AD LAN SQL server.

What is the best practice to do this keeping in mind that I have read that you don't want to have AD joined servers on the DMZ?

I have installed public SSL certificates only to AD Servers and now I don't know what to do with this workgroup 2016 std server regarding public SSL certificate.

I believe tat I need to install IIS on this server.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
MaheshArchitect
Distinguished Expert 2018

Commented:
If your server remains accessible from internet, use public ssl certificate
If server remains accessible with internal network onlythen use certificate from internal ca

Author

Commented:
Yes, it will remain accessible from internet, so I will use public ssl certificate. What I'm trying to question is would In I need to install AD certificate services to the server which indicates imo that I need to join the server to the domain - maybe even dcpromo it which seems to me bad idea.

In other words how can I install public SSL certificate to this workgroup 2016 std server?
Architect
Distinguished Expert 2018
Commented:
No need for active directory joining

You can create custom request from local personal certificate for local computer in mmc console on server and can request ssl certificate
Just google for how to generate custom ssl cert request

Author

Commented:
The other consultant involved this project created the CSR at the WorkGroup Server. I were able to purhace the SSL certificate. I think this case is now solved.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial