We are configuring HTTPS in Config Manager 2012.
We have created the 3 certificates required.
ConfigManager Client: based on the workstation authentication template; the instructions don't specify supply subject name in request, so build from Active Directory is the default.
ConfigManager web server: based on the web server template and has supply subject name in request.
ConfigManager Distribution Client: based on workstation authentication; build from Active Directory is the default and we are allowing private key export.
We need to get the ConfigManager Client cert on workstations in other domains. Our IT guys can't set up autoenroll at this point, so that is out until several months down the road.
We have tried to use the MMC Certificate tool in the domain the CA is in and request this ConfigManager Cert and change the subject name or alternate for the machine in the other domain.
However, with subject built from Active Directory set, I am not able to create a cert for a machine in a different domain. I can't change the subject.
We have tried to use the web site (https://CAMachine/certsrv) and request a cert through this web site, but of course without the supply subject in request set, we are not able to get the Config Manager client cert this way either.
How can we get this Config Manager Client cert (workstation authentication) on machines in other domains, including untrusted domains?
Do we need to set the supply subject in request and have the private key exportable?
Thanks Lance