Can I automate certificate enrolment via ADCS from DMZ devices

Dennis Berry 1 Reputation point
2021-02-12T15:14:04.64+00:00

We have an infrastructure which builds servers and deploys them in a DMZ. We then need to make these servers automatically enroll for their first certificate from our ADCS PKI.

We have investigated setting up a CEP/CES server in the domain, but it appears this method requires each initial enrollment request to be manually approved/issued by a PKI admin. This will of course break our automated certificate enrollment requirement.

Is it possible to configure fully automatic certificate enrollment to ADCS for devices outside the domain in a DMZ?

Any advice or pointers would be greatly appreciated


1 answer

  1. Jordan Mills 1 Reputation point
    2021-02-22T17:54:27.22+00:00

    Yes, if you have a trust between the DMZ forest and your internal forest. Otherwise there's no way for the devices to automatically authenticate.

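As an added illustration (not code from the question or the answer above), this is what the CEP/CES enrollment call looks like from a non-domain DMZ host using the built-in Get-Certificate cmdlet, including the case the question describes where the CA holds the request for manual approval and it comes back as Pending. The CEP host name, the template name and the enrolling account are assumptions; the URL path is the default one ADCS uses for a username/password CEP endpoint.

```powershell
# Added example: enroll a DMZ machine via CEP/CES and handle a Pending request.
# Assumed values: CEP host, template name, and an account allowed to enroll.
$cepUrl   = 'https://cep.example.internal/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP'
$template = 'DMZWebServer'   # assumed template name as published through CEP
$cred     = Get-Credential -Message 'Account permitted to enroll for the DMZ template'

# Submit the request; the result object carries Status, Request and Certificate.
$result = Get-Certificate -Template $template `
                          -Url $cepUrl `
                          -Credential $cred `
                          -CertStoreLocation 'Cert:\LocalMachine\My'

switch ($result.Status) {
    'Issued' {
        # Template auto-issues: no admin involvement, the certificate is in the store.
        Write-Output "Issued: $($result.Certificate.Thumbprint)"
    }
    'Pending' {
        # The CA kept the request for manager approval, which is the behaviour the
        # question runs into. The request sits in Cert:\LocalMachine\REQUEST and can
        # be resubmitted with -Request until a PKI admin has issued it.
        Write-Output 'Request pending approval; retrying every 5 minutes for 1 hour'
        for ($i = 0; $i -lt 12; $i++) {
            Start-Sleep -Seconds 300
            $retry = Get-Certificate -Request $result.Request -Url $cepUrl -Credential $cred
            if ($retry.Status -eq 'Issued') {
                Write-Output "Issued after approval: $($retry.Certificate.Thumbprint)"
                break
            }
        }
    }
    default {
        Write-Error "Enrollment failed with status $($result.Status)"
    }
}
```

If every request lands in the Pending branch, the template's issuance requirements (CA certificate manager approval) are what turn the automation into a manual step, not the CEP/CES transport itself.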
