Hi,
I found this topic https://social.technet.microsoft.com/Forums/windowsserver/en-US/d03f1ad9-94cf-4fac-8655-ea7eb4345bae/cosigning-a-2008-r2-certificate-authority-for-internalexternal-remoteapp-users?forum=winserverTSdealing with the same issue. I haven't found a clear answer if this is possible and if so how to perform these steps. I have my own enterprise ca up and running well. Of couse "my" own ca certificate is only trusted within my own domain. It's not trusted outside. I also found this hint from the system "A stand-alone or enterprise CA-issued certificate must be co-signed by a trusted public CA that participates in the Microsoft Root Certification Program Members program". This sounds like I could use my enterprise ca certificate requested & issued by a trusted provider (so instead my own in the root position one of the trusted ones). Is that possible?