Channel: Security forum

PKI Design with FIM

I would like to implement a PKI Infrastructure in our
environment. I'm a newbie to PKI and am doing a lot of reading to build up a test lab.
The design should be flexible for all existing services (WLAN, VPN, smartcard,
802.1X) and all upcoming services.

We have two forests:

1. Forest with multiple Subdomains

2. Single Domain Forest

I would deploy a two-tier hierarchy:

A standalone offline Root CA and an Enterprise
Subordinate CA in a subdomain of forest one, which has been made just to deploy
services managed by our admin team. Could I set up a second CA for
high availability in the same subdomain?

To deploy certificates in the second forest I would
implement a cross certification web enrollment so I do not need to deploy a
second Subordinate CA, because our admin team is not solely responsible for this
forest but administrates the main services.

Because I would like to use FIM CM 2010 for smartcard
deployment, I’m not sure if I can still use this design with a cross
certification web enrollment or if I would have to build a subdomain in the
second forest for an Enterprise Subordinate CA.
