We have an environment where there are dozens of separate AD forests, none of which have (or can have) any trust relationships.
We also have an Active Directory Certificate Server that we use for generating internal certs. This AD CS server is available to all of the servers via the web console (https://some.url/certsrv), but there is no other connectivity to the AD CS other than port 443.
The question is, are there any methods we can use to automate the generation and installation of certs from the AD CS server? Specifically, suppose I am sitting on SERVERX and I am running a script, is it possible to have that script generate and submit a cert request to https://some.url/certsrv, then retrieve and install the cert into the machine store?
The research I have done so far shows that this is typically possible if the CA is part of the same AD forest and is reachable over more ports than just 443.
Today we do an awkward launch of iexplore and some screen scraping, but it requires manual intervention to get it to work, and we'd like to fully automate the process.
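The following is an added example, not part of the original question, showing one way to do the whole round trip (generate key and CSR locally, POST the CSR to the certsrv web enrollment form, fetch the issued cert, install it into the machine store) over nothing but port 443. It assumes an enrollment account in the CA's own forest that has Enroll rights on the template (the `WebServer` template name, the `example.com` suffix and the `$Cred` prompt are assumptions), that the script runs elevated so the key can land in the machine store, and that the URL is the `https://some.url/certsrv` from the question.

```powershell
# Added example (not from the original post). Assumes: $Cred is an account in the
# CA's forest with Enroll on the template, the script runs elevated (machine-store
# key), and only TCP/443 to the CA is open. Template/subject values are assumptions.
param(
    [string]$CaUrl    = 'https://some.url/certsrv',
    [string]$Subject  = "CN=$env:COMPUTERNAME.example.com",   # assumption
    [string]$Template = 'WebServer',                          # assumption
    [pscredential]$Cred = (Get-Credential -Message 'Enrollment account in the CA forest')
)
$ErrorActionPreference = 'Stop'

$work = Join-Path $env:TEMP "enroll-$([guid]::NewGuid())"
New-Item -ItemType Directory -Path $work | Out-Null
$inf = Join-Path $work 'request.inf'
$req = Join-Path $work 'request.req'
$cer = Join-Path $work 'cert.cer'

# 1. Describe the key and the request. MachineKeySet=TRUE puts the private key in the
#    machine store; Exportable=FALSE keeps it there. KeyUsage 0xA0 = digitalSignature + keyEncipherment.
@"
[NewRequest]
Subject = "$Subject"
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
KeySpec = 1
KeyUsage = 0xA0
HashAlgorithm = sha256
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
[RequestAttributes]
CertificateTemplate = $Template
"@ | Set-Content -Path $inf -Encoding ASCII

# 2. Generate the key pair and PKCS#10 request locally; no CA connectivity needed yet.
& certreq.exe -new -q $inf $req | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed with exit code $LASTEXITCODE" }
$csr = Get-Content -Path $req -Raw

# 3. Submit the CSR to the web enrollment handler. This is the same form POST the
#    certsrv pages make from the browser, so nothing beyond HTTPS is required.
#    -Credential drives NTLM/Negotiate against an account in the CA forest; no trust needed.
$submit = Invoke-WebRequest -Uri "$CaUrl/certfnsh.asp" -Method Post -Credential $Cred -UseBasicParsing -Body @{
    Mode             = 'newreq'
    CertRequest      = $csr
    CertAttrib       = "CertificateTemplate:$Template"
    FriendlyType     = 'Saved-Request Certificate'
    TargetStoreFlags = '0'
    SaveCert         = 'yes'
}

# 4. On issuance the response links to certnew.cer?ReqID=<n>; a pending or denied
#    request returns an explanatory page instead, so surface it rather than guessing.
if ($submit.Content -match 'certnew\.cer\?ReqID=(\d+)') {
    $reqId = $Matches[1]
} elseif ($submit.Content -match 'Certificate Pending') {
    throw 'Request is pending CA manager approval; fetch it later via certnew.cer?ReqID=<id>.'
} else {
    throw "CA did not issue a certificate. Response:`n$($submit.Content)"
}

# 5. Download the issued certificate (Enc=b64 = PEM) and install it. certreq -accept
#    matches it to the pending request and binds it to the machine-store private key.
Invoke-WebRequest -Uri "$CaUrl/certnew.cer?ReqID=$reqId&Enc=b64" -Credential $Cred -UseBasicParsing -OutFile $cer
& certreq.exe -accept -machine -q $cer | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed with exit code $LASTEXITCODE" }

# 6. Confirm the cert is in LocalMachine\My with its private key, then clean up.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey } |
    Select-Object Subject, Thumbprint, NotAfter
Remove-Item -Path $work -Recurse -Force
```

Two things to check before relying on this in production: the account behind `$Cred` is effectively a shared enrollment credential reaching dozens of untrusted forests, so scope it to Enroll on exactly the templates these servers need and nothing else, and keep the template's subject-name setting as "supply in the request" only if the CA side (or a manager-approval step) validates what the requester claims, since anything in `$Subject` will otherwise be issued as-is. If the CA is configured to require manager approval, step 4 will stop at the pending case and the retrieval in step 5 can be re-run later with the same `ReqID`.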