I want to build up a two-tier-pki in a services domain and deploy certificates via Cross Forest Enrollment to other forest. One of them is a multi domain forest. I would like to know what would be the best pratice for publishing CRLs via LDAP URL.
Do i have to add just each forest domain url or do i need to add each subdomain?