Is the DMZ domain a child of the internal? Is there a trust relationship between the domains?
You can do this without trust, but you will need to manually (or via script) get the certificates on the machines in the DMZ.

Sent from Windows Mail

From: Brian McDonald <[email protected]>
Sent: Tuesday, March 11, 2014 3:39 PM
To: [email protected]

I have SCCM clients in the internal domain, but need to support DMZ clients in the external domain. The CA is in the internal domain.

Brian

Sent from my iPhone

On Mar 11, 2014, at 2:32 PM, "[email protected]" <[email protected]> wrote:

Which domain are the clients a member of? Which domain is the CA a member of?

Sent from Windows Mail

From: Brian McDonald <[email protected]>
Sent: Tuesday, March 11, 2014 12:59 PM
To: [email protected]

Quick question on auto-enrollment GPO for client certs. I have two separate domains/forests and am working with my team on setting up a PKI environment. The client certificate has been created. When configuring the Auto-enrollment of the Client Certificate GPO, should the GPO be applied to both internal/external domains? Internal I'm running HTTP and external HTTPS. I'm assuming the GPO should be applied to both, correct?

Thanks,
Brian
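A sketch of the scripted, no-trust enrollment mentioned in the first reply, added here as an example and not part of the original thread. It uses the built-in certreq.exe; the template name, CA config string and file paths are hypothetical, and it assumes the template lets the subject name be supplied in the request. Only the .req and .cer files move between zones; the private key stays on the DMZ client.

```powershell
# Added example. Every name below is an assumption, not a value from the thread.
$Template = 'ConfigMgr-Client-Offline'            # hypothetical template name
$CAConfig = 'ca01.internal.example\Internal-CA'   # hypothetical "CAHost\CAName"
$Work     = Join-Path $env:TEMP 'dmz-enroll'
$Fqdn     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

function Assert-Native($what) {                   # stop on a failed certreq call
    if ($LASTEXITCODE -ne 0) { throw "$what failed with exit code $LASTEXITCODE" }
}

# 1. DMZ client, elevated: create the key pair and PKCS#10 request locally.
function New-DmzClientRequest {
    New-Item -ItemType Directory -Path $Work -Force | Out-Null
    # 0xA0 = digital signature + key encipherment; the OID is Client Authentication.
    $inf = @"
[Version]
Signature="`$Windows NT`$"
[NewRequest]
Subject="CN=$Fqdn"
KeyLength=2048
KeySpec=1
KeyUsage=0xA0
MachineKeySet=TRUE
Exportable=FALSE
RequestType=PKCS10
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.2
"@
    Set-Content -Path "$Work\request.inf" -Value $inf -Encoding ASCII
    certreq.exe -new "$Work\request.inf" "$Work\$Fqdn.req"; Assert-Native 'certreq -new'
}

# 2. Internal host that can reach the CA: submit the request copied from the DMZ.
function Submit-DmzClientRequest([string]$Req, [string]$Cer) {
    certreq.exe -submit -config $CAConfig -attrib "CertificateTemplate:$Template" $Req $Cer
    Assert-Native 'certreq -submit'
}

# 3. DMZ client, elevated: trust the root, bind the issued cert to its key, verify.
function Install-DmzClientCert([string]$Cer, [string]$RootCer) {
    Import-Certificate -FilePath $RootCer -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    certreq.exe -accept -machine $Cer; Assert-Native 'certreq -accept'
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.Subject -eq "CN=$Fqdn" -and
        $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.2'
    } | Select-Object Subject, Thumbprint, NotAfter
}
```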

