Bottom line, enterprise environments don’t have their internal PKI chained from a public root. So you have the same choice to make. You either find a way to get all necessary clients to pre-trust your root CA or you put a publicly trusted cert on the services that are being used by “guests” or other unmanaged clients.
1 Like