We have a small domain that is out side of our normal forest that we want to issue certificates to. We have a enterprise CA in our primary forest that we would like to use to issue the certificates. Our only goal is to enable SLDAP on these domain controllers, and it doesn't seem worth it to stand up a new CA to issue two certificates. Can we issue certificates to the domain controllers in a separate forest and if so:
- What certificates are needed for SLDAP (I am guessing I just need the Domain Controller Authentication template)
- Can I set up auto enrollment with a forest I don't trust (maybe using the issued certificate for authentication)
- Our Web Enrollment is not working. Is there another method I can use to obtain the certificate?