Hello All,
I need a clarification on a cross-forest ADCS two-tier PKI. Below are the details:
Existing environment:
Forest\Domain - contoso.com
Root CA and Issuing CA installed and configured with HSM
CDP/AIA URLs published on a standalone IIS server
New forest\domain - fabrikam.com
Planned to install the Issuing CA by making use of the existing Root CA in contoso.com
No AD trust between the forests
I planned to install the Issuing CA and export the request and get the certificate from Root CA.
Queries:
Does any configuration need to be done on the Root CA for the fabrikam.com Issuing CA, like configDN, etc.?
Any changes for the CDP/AIA URLs?
Is it possible to change the CDP/AIA URLs and have a separate IIS server in fabrikam.com?
Any other configuration to be taken care of?