We have an infrastructure which builds servers and deploys them in a DMZ. We then need to make these servers automatically enroll for their first certificate from our ADCS PKI.
We have investigated setting up a CEP/CES server in the domain, but it appears this method requires each initial enrollment request to be manually approved/issued by a PKI admin. This will of course break our automated certificate enrollment requirement.
Is it possible to configure fully automated certificate enrollment to ADCS for devices outside the domain in a DMZ?
Any advice or pointers would be greatly appreciated.