Ability to issue certificates from a secondary domain?

  • Question

  • Hi,

    We have an internal domain and CA setup.  However we do not own the Internet domain for the CA's domain.

    We own several other Internet domains and I would like to use one of those to issue certificates that are able to be trusted and generated internally to the organization.

    For example, I would like to use the Internet registered domain to get certificates for 100 printers but don't want to pay GoDaddy or whoever 75/year per cert.  Would like to be able to generate for all my switches and other devices as well.

    What would be the best way to accomplish this?

    Thanks

    Friday, May 17, 2019 5:23 PM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    To better understand our question, please confirm the following information:

    1. According to "We have an internal domain and CA setup.  However we do not own the Internet domain for the CA's domain", do we mean the CA in internal domain cannot access Internet?

    2. Are several other Internet domains and internal domain different domains/forests? If so, are they trusted by each other?

    3. Are there CAs in several other Internet domains? If no, do we mean we use the CA of internal domain in one of these several other Internet domains?

    4. Are these printers, switches and other devices Internet devices?


    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 20, 2019 9:29 AM
    Moderator
  • 1. According to "We have an internal domain and CA setup.  However we do not own the Internet domain for the CA's domain", do we mean the CA in internal domain cannot access Internet?

    The domain can access the Internet but the domain name is not owned by us on the Internet.  I can’t purchase certificates for that domain because I don’t have ownership.

    2. Are several other Internet domains and internal domain different domains/forests? If so, are they trusted by each other?

    They are not AD domains but they are domains that we do own and have purchased on the Internet. 

    3. Are there CAs in several other Internet domains? If no, do we mean we use the CA of internal domain in one of these several other Internet domains?

    There are no other CAs as our Internet owned domains are not AD domains.

    4. Are these printers, switches and other devices Internet devices?

    The printers are not accessible via the Internet but we get internal pen tests and always get penalized for untrusted certificates.

    Monday, May 20, 2019 2:05 PM
  • Hi,
    What do we mean by "not AD domains"? Do we mean all the users and machines are in a workgroup?


    Have we ever thought about creating an AD domain in one of the several other Internet domains, then creating one Web server and one CA in this new AD domain, and issuing certificates through this CA?


    Best Regards,
    Daisy Zhou



    Tuesday, May 21, 2019 2:23 AM
    Moderator
  • Hi,
    Does this question have any update, or is this issue solved? Also, for the question, is there any other assistance we could provide?


    Best Regards,
    Daisy Zhou


    Thursday, May 23, 2019 2:42 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.

    Thanks for your time and have a nice day!

    Best Regards,
    Daisy Zhou



    Monday, May 27, 2019 1:18 AM
    Moderator