IIS – Is It OK to Use AD Issued Computer Certificates for IIS

Tags: ad-certificate-services, iis, ssl-certificate

I'm using AD Certificate Services to issue computer certificates to domain-joined Windows computers (both servers and workstations). These certs are obtained via the auto-enroll process defined by Active Directory.

My question is: if these computer certs have the correct OID details is there any reason to not use them for https bindings on servers running IIS? All systems accessing these web servers are internal and will trust the ADCS PKI.

Edit: To be clear, I'm asking specifically about using the computer cert issued as a part of domain membership.

Best Answer

There's no issue with running local certificates at all. Many enterprises use an internal CA such as AD-Certificate Services to manage and automate the creation of certificates for their servers. It's just as secure as a public CA as long as you distribute the certificates out to your clients and keep the private keys secured and private.
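The question hinges on the cert having "the correct OID details", and the answer on the chain being trusted by clients. The script below is an added example, not code from the question or the answer, showing how an administrator can verify those conditions on the server before binding the auto-enrolled computer certificate to an IIS site: it requires the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1), a SAN or CN matching the host's FQDN, a usable private key, a valid date range, and a chain that validates locally. The site name `Default Web Site`, port 443 and the use of the `WebAdministration` module are assumptions.

```powershell
# Added example (not from the original post). Assumes a domain-joined server with
# an auto-enrolled computer certificate in Cert:\LocalMachine\My and IIS with the
# WebAdministration module installed. Site name and port are assumptions.
Import-Module WebAdministration

$ServerAuthOid = '1.3.6.1.5.5.7.3.1'                                  # Server Authentication EKU
$HostName      = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName  # this host's FQDN
$SiteName      = 'Default Web Site'                                    # assumed IIS site
$Port          = 443

# Pick the newest certificate that satisfies every requirement for an HTTPS binding:
# private key present, currently valid, Server Authentication EKU, and a name match.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le (Get-Date) -and $_.NotAfter -gt (Get-Date) -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $ServerAuthOid) -and
    (($_.DnsNameList.Unicode -contains $HostName) -or ($_.Subject -like "CN=$HostName*"))
} | Sort-Object NotAfter -Descending | Select-Object -First 1

if (-not $cert) {
    throw "No auto-enrolled computer certificate with the Server Authentication EKU names $HostName"
}

# Build and validate the chain against this machine's trust store. Clients must
# trust the same ADCS root/issuing CA for the binding to be useful to them.
if (-not $cert.Verify()) {
    throw "Certificate $($cert.Thumbprint) does not chain to a trusted CA on this host"
}

# Create the HTTPS binding if it does not exist, then attach the certificate to it.
$binding = Get-WebBinding -Name $SiteName -Protocol https -Port $Port
if (-not $binding) {
    New-WebBinding -Name $SiteName -Protocol https -Port $Port -HostHeader $HostName
    $binding = Get-WebBinding -Name $SiteName -Protocol https -Port $Port
}
$binding.AddSslCertificate($cert.Thumbprint, 'My')

Write-Output "Bound $($cert.Subject) ($($cert.Thumbprint), expires $($cert.NotAfter)) to $SiteName on port $Port"
```

Run this from an elevated PowerShell session on the web server. Because autoenrollment renews the computer certificate with a new key and thumbprint, the IIS binding does not follow the renewal on its own; rerunning the script after renewal (for example from a scheduled task) keeps the binding pointed at the current certificate rather than one that is about to expire.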