server 2016 install certificate services without active directory

I need to install a web-service related Win 2016 std / IIS server on the DMZ. We will use public SSL certificate on that. It will then query data form AD LAN SQL server.

What is the best practice to do this keeping in mind that I have read that you don't want to have AD joined servers on the DMZ?

I have installed public SSL certificates only to AD Servers and now I don't know what to do with this workgroup 2016 std server regarding public SSL certificate.

I believe tat I need to install IIS on this server.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If your server remains accessible from internet, use public ssl certificate
If server remains accessible with internal network onlythen use certificate from internal ca
RimFire007Author Commented:
Yes, it will remain accessible from internet, so I will use public ssl certificate. What I'm trying to question is would In I need to install AD certificate services to the server which indicates imo that I need to join the server to the domain - maybe even dcpromo it which seems to me bad idea.

In other words how can I install public SSL certificate to this workgroup 2016 std server?
No need for active directory joining

You can create custom request from local personal certificate for local computer in mmc console on server and can request ssl certificate
Just google for how to generate custom ssl cert request

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RimFire007Author Commented:
The other consultant involved this project created the CSR at the WorkGroup Server. I were able to purhace the SSL certificate. I think this case is now solved.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.