Hi,

Is it possible instead of manually renewing the IPHTTPS server certificate every time it expires to configure auto enrollment so that it mitigates the risk of an unexpected outage should it be missed and not manually renewed.

Thanks,

Ranjit.

Hi,

This certificate should be delivered by a public AC. So Auto Enrolment is not possible. Even if you use an internal AC, even if auto-enrollment is possible, the binding at HTTP.SYS level need to be updated. That can be done with the Remote Access Management Console or the Powershell commandlets. At last, since Windows Server 2012, you can rely on auto-signed certificate but the problem remain the same as it must be trusted by your DirectAccess clients that need a GPO refresh for that.

So it's not possible.