I think private CAs are a mistake if only because of all the time wasted on certificate errors from improperly configured platforms. Don't forget that some languages don't respect system stores.
If those platforms hasn't been configured with the most basic things such as the company CA, there's going to be lots of other headaches too, including security.
How do you enforce authentication standards in that kind of environment, let along an internal user directory?
No software can enter an environment completely unconfigured and be expected to work.
How do you enforce authentication standards in that kind of environment, let along an internal user directory?
No software can enter an environment completely unconfigured and be expected to work.