Hey Karl-WE
I get as frustrated as you and other customers about the whole IIS MMC situation. We in Directory Services support have no say-so as to what the IIS development team is going to do with the product. I would actually have to refer you to an IIS team to get an answer for these questions. The only thing that I can state from the Windows Directory Services side is to use the certificate request MMC wizard to do your certificate enrollment.
Your statement above about the IIS MMC snap-in and the AD CS Web Enrollment pages is the exact reason I have been writing these last two blog posts. I hear from you AD / AD CS admins every day about how these tools are really starting to show their age. All I can show you are the new ways of enrolling for certificates without the AD CS Web Enrollment pages, as browser security has gotten tighter and tighter over the years, and the nature of web servers hosting tons of different websites has changed so much just since Windows Server 2008. Most of the code you are talking about was written back in Windows Server 2000. Even NDES is just the Server Manager-wrapped MSCEP tool that shipped with the Windows Server 2003 resource kit tools.
Also, you should keep a lookout for another blog I am writing about custom certificates for Remote Desktop, as I am really tired of seeing those cases come into Directory Services as well, since it is really Remote Desktop components responsible for the enrollment and renewal of those certificates when using the Group Policy setting.