Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 04:30 PM (PDT)
Microsoft Tech Community
LIVE
SOLVED

Request Computer Certificate from CA in another AD Forest

Brass Contributor

Hello I am wondering if there is a way to generate a certificate request for a computer in one AD forest and use the CSR to generate the certificate on the CA in another AD forest. Does anyone know if this is possible? I cannot find documentation on this in my Google searches. Thanks in advance!

2 Replies
best response confirmed by charlie4872 (Brass Contributor)
Solution
To auto-enroll it, I think there has to be a Forest trust so that you can use a group for the computer to allow it to auto-enroll. You can always create a CSR manually and let it sign by a CA, doesn't matter if it's in another forest or if it is a public CA even.
Did this answer your question?
1 best response

Accepted Solutions
best response confirmed by charlie4872 (Brass Contributor)
Solution
To auto-enroll it, I think there has to be a Forest trust so that you can use a group for the computer to allow it to auto-enroll. You can always create a CSR manually and let it sign by a CA, doesn't matter if it's in another forest or if it is a public CA even.

View solution in original post