HTTPS Client communication across trusted forest.

  • Question

  • I had a question from a client today about HTTPS communication across trusted forests.  The question wasn't necessarily a ConfigMgr question but a PKI question. I have never dealt with client certificates across multiple forests. How does HTTPS client communication work across multi-forest and multi-PKI environments?

    I have 4 forests with 2-way forest-level trust. We are planning on a single primary site to manage clients across all 4 forests.  Currently we will use HTTP but a question was asked about HTTPS and that is when the PKI question came into play.


    Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

    Wednesday, November 19, 2014 5:36 PM

Answers

  • It works the same. PKI is completely independent of AD domains and forests.

    As always, certs must be trusted though (and just to reiterate, this has nothing to do with AD domains and forests although cert trust can be configured using group policy which is why some folks incorrectly associate them).


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, November 19, 2014 5:44 PM
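
The trust check the answer describes can be run directly on the machine that has to accept a certificate issued by another forest's PKI. This is an added example, not part of the original answer; the function name `Test-CertChainTrust` and the file path are hypothetical, and it assumes the other party's certificate has been exported to a `.cer` file.

```powershell
# Added example (not from the thread). Run it on the machine that must TRUST the
# certificate, e.g. on a site system against a client certificate issued by another
# forest's CA. The result depends only on the local certificate stores; no AD
# domain or forest lookup takes part in the decision.
function Test-CertChainTrust {
    param(
        [Parameter(Mandatory)][string]$Path,          # exported .cer of the other party
        [string]$EkuOid = '1.3.6.1.5.5.7.3.2',        # Client Authentication EKU
        [switch]$CheckRevocation                      # needs the issuing CA's CDP to be reachable
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $Path

    # $true = build the chain in machine context, as a service such as IIS would
    $chain = New-Object "$x509.X509Chain" -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = if ($CheckRevocation) { 'Online' } else { 'NoCheck' }
    $null = $chain.ChainPolicy.ApplicationPolicy.Add(
        (New-Object System.Security.Cryptography.Oid -ArgumentList $EkuOid))

    $trusted = $chain.Build($cert)

    # Last chain element is the highest certificate that could be located
    $top = if ($chain.ChainElements.Count -gt 0) {
        $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }

    [pscustomobject]@{
        Subject  = $cert.Subject
        Issuer   = $cert.Issuer
        Trusted  = $trusted
        ChainTop = $top
        # e.g. UntrustedRoot or PartialChain when the other PKI's CA certs are not installed
        Problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Hypothetical path: a client certificate exported from a machine in another forest
Test-CertChainTrust -Path 'C:\Temp\client-from-other-forest.cer'
```

Pass `-EkuOid '1.3.6.1.5.5.7.3.1'` (Server Authentication) to run the same check on a client against the site system's web server certificate.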

All replies

  • Thanks Jason. Makes sense. 

    Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

    Wednesday, November 19, 2014 6:00 PM