Hello;
We are using an internal Microsoft certificate authority to issue certificates for Direct Access. We are in the process of migrating between CAs, but it appears that Direct Access only trusts a single CA at a time. That makes it challenging when moving between CAs, as it's not a simple cutover. Has anyone gone through this process? Looking for some help on how to accomplish this.
My fallback plan is to have every client request a new cert from the new CA, so each client would have two Direct Access certs, one from the old CA and one from the new CA. Then swap which CA Direct Access trusts. The only issue is creating an unattended, automated script to accomplish the clients requesting a new Direct Access cert (certreq requires an INI, which is cumbersome).
Thanks.
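The unattended client enrollment step in the fallback plan above, as an added example that is not from the original poster: it checks whether the machine already holds a valid certificate from the new CA, and only if not, requests one, first via the PKI module's Get-Certificate cmdlet (Windows 8 / Server 2012 and later, no INF needed) and, as a fallback for older clients, via certreq with an INF written on the fly. The template name, CA configuration string, issuer name and working directory are placeholders and assumptions for this example; substitute your own values. Run it as SYSTEM (for example from a scheduled task or startup script) so the key lands in the machine store.

```powershell
# Added example, not the poster's script. All names below are placeholders.
$Template   = 'DirectAccessClient'                     # placeholder: template published on the NEW CA
$CaConfig   = 'NEWCA01.corp.example\Corp-Issuing-CA'   # placeholder: "<CA host>\<CA common name>"
$IssuerName = 'Corp-Issuing-CA'                        # placeholder: CN of the NEW CA, used to detect an existing cert
$Work       = Join-Path $env:ProgramData 'DA-Enroll'   # scratch directory for request/response files
$Fqdn       = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Idempotence: skip enrollment if a still-valid certificate from the new CA is already present.
$existing = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -like "*CN=$IssuerName*" -and $_.NotAfter -gt (Get-Date) -and $_.HasPrivateKey }
if ($existing) {
    Write-Output "Certificate from $IssuerName already present (thumbprint $($existing[0].Thumbprint)); nothing to do."
    return
}

if (Get-Command Get-Certificate -ErrorAction SilentlyContinue) {
    # Option A: enroll through the Active Directory enrollment policy. Requires the
    # template to grant Enroll (and ideally Autoenroll) to the computer account.
    $result = Get-Certificate -Template $Template -CertStoreLocation Cert:\LocalMachine\My -Url ldap:
    if ($result.Status -ne 'Issued') {
        throw "Enrollment via Get-Certificate did not complete; status: $($result.Status)"
    }
    Write-Output "Issued: $($result.Certificate.Thumbprint)"
    return
}

# Option B: certreq with a generated INF (older clients without the PKI module).
# KeyUsage 0xa0 = Digital Signature + Key Encipherment, the usual client-auth profile.
$infPath = Join-Path $Work 'request.inf'
$csrPath = Join-Path $Work 'request.csr'
$cerPath = Join-Path $Work 'response.cer'
@"
[NewRequest]
Subject = "CN=$Fqdn"
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
KeySpec = 1
KeyUsage = 0xa0
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path $infPath -Encoding ASCII

# -q suppresses the interactive CA-selection dialog, which is what makes this unattended.
& certreq.exe -new -q $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }

& certreq.exe -submit -q -config $CaConfig $csrPath $cerPath
if ($LASTEXITCODE -ne 0) { throw "certreq -submit failed with exit code $LASTEXITCODE (request may be pending approval)" }

# -accept installs the issued certificate and binds it to the pending private key.
& certreq.exe -accept -q $cerPath
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }

Remove-Item $infPath, $csrPath, $cerPath -ErrorAction SilentlyContinue
Write-Output "Issued via certreq; check Cert:\LocalMachine\My for a certificate from $IssuerName."
```

Because the script exits early when a valid certificate from the new CA already exists, it is safe to push repeatedly (for example as a recurring scheduled task) until every client has both certificates; only then switch the Direct Access trust to the new CA, and afterwards the old-CA certificates can be left to expire or be cleaned up.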