Thanks for the info. Understood, but it is not clear how best to go about
this. Although there will be a domain, there will be a majority of clients
whom are not a member of the domain (not guests) so a public cert is
definitely the best way to go. My question is about how to go about the CSR,
what type of certificate request. I have a Windows server available to make
the CSR, but how? Also which public CA is best to use (from experience of
the community). e.g Go Dadddy? And of course how to implement. Thanks