O'Reilly logo

Windows Server® 2008 PKI and Certificate Security by Brian Komar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Third-Party CAs or CAs in Other Forests

You do not have to deploy Microsoft CAs in a forest to deploy certificates for domain controllers. For example, if your organization has two forests (as shown in Figure 26-2), you can manually request and issue domain controller certificates to the three domain controllers in the extranet.fabrikam.com forest from the CA hierarchy in the internal.fabrikam.com forest.

A network deployment with two forests: internal.fabrikam.com and extranet.fabrikam.com

Figure 26-2. A network deployment with two forests: internal.fabrikam.com and extranet.fabrikam.com

For this example, assume that the CA hierarchy shown in Figure 26-3 is the CA hierarchy deployed in the internal.fabrikam.com forest.

Figure 26-3. The ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required