Hi Guys, my first post so if I have posted in the wrong place, please advise.
My webserver is using LetsEncrypt, and works perfectly. However, setting that up was relatively simple: I have a LetsEncrypt cert on the server, clients get it and refer to LetsEncrypt for validation.
Now I want to go to the next stage: I’m building a security Lab, within which I run a Microsoft CA (Win2K12R2). I want to have that CA act as an intermediary to LetsEncrypt, so when random client devices log into the network, they see a certificate which is chained to LetsEncrypt and so don’t show certificate warnings, as they do when I just use the “private” certificates from my existing CA.
Are there any guidance documents you can recommend? I could just blunder ahead and do what feels right and works, but this is security and I’d rather start off conforming to best practices rather than making it up as I go along.
Thanks for any advice!