hi out there
I have a problem which will show up in a few years so I have a small buffer - after many problems and challenges we have got a PKI AD integrated CA up and run in our environment and it works well. I use it for requiring a client certificate from our F5 edge devices. It is pretty simple to deploy a certificate trough the windows standard tools (/certsrv) and define the needed templates etc - the clients access it trough a F5 published website on the internet. This way could also be used to renew certificates with - but - and I know this is not a F5 topic but I use this more for brainstorming - can I renew trough scep instead? How do you out there renew the certificates used for as client certificates on non-domain pc from a foreign network? Do we have some functionality in the F5 which could help?