question

CraigGarland-2854 avatar image
0 Votes"
CraigGarland-2854 asked LimitlessTechnology-2700 answered

Best Setup Certificate CA Trusted domain Active Directory

Hi All,

So just trying to workout best practice setting up CA when you have two domains with a trusted relationship.

I have a Standalone Root CA and Sub CA setup in domain A.
I have Users and Computer in Domain B.

I would like user and Computer in Domain B to auto enrol certificate. I believe I have two option for this. Setup a Web CEP and configure group policy or setup a second SubCA in Domain B.

What I would like to know is what would be the best practice. I believe if I setup a secondary Sub CA in Domain B it would be integrated with AD which has benefits but I would need to maintain two SubCA.

Thanks for your time in Advance.
Craig

windows-server-security
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hi there,

For server certificate auto-enrollment, you must configure a server certificate template by using the Certificate Templates Microsoft Management Console snap-in on a CA that is running AD CS.

So setting up a second SubCA in Domain B would be the best practice for your requirements. Membership in both the Enterprise Admins and the root domain's Domain Admins group is the minimum required to complete this procedure.

Configure certificate auto-enrollment https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-server-certificate-autoenrollment

It is possible to have two sub-CAs. In an ideal configuration, one should have two subs ca for high availability based on usage /requirement.


--If the reply is helpful, please Upvote and Accept it as an answer–

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.