Windows 11 setting up CES and CEP PKI in a trusted forest scenario

  • Thread starter Thread starter NickSTL77
  • Start date Start date
N

NickSTL77

I have two domains with a two-way forest trust. I want computer accounts in DomainB to enroll for computer client auth certificates from the two-tier Windows CA in DomainA. I configured a certificate cert template in the issuing CA for this and gave Read and Enroll rights to the computer in DomainB.I configured the issuing CA in DomainA for the Certificate Enrollment Policy Web Service and Certificate Enrollment Web Service according to the Microsoft documentation. CEP and CES are using Kerberos authentication using a domain service account with an SPN and configured for Kerberos delegati

Continue reading...
 
Back
Top