I have a customer that is reluctant to change their PKI infrastructure to have an Internet exposed CRL. If I want to use their enterprise CA wouldn’t this be a requirement or would joining them to the domain be good enough so they can get their CRL through that mechanism?
