Can I automate certificate enrolment via ADCS from DMZ devices

Dennis Berry 1 Reputation point

We have an infrastructure which builds servers and deploys them in a DMZ. We then need to make these servers automatically enroll for their first certificate from our ADCS PKI.

We have investigated setting up a CEP/CES server in the domain, but it appears this method requires each initial enrollment request to be manually approved/issued by a PKI admin. This will of course break our automated certificate enrollment requirement.

Is it possible to configure fully automated certificate enrollment to ADCS for devices outside the domain in a DMZ?

Any advice or pointers would be greatly appreciated.


1 answer

Jordan Mills 1 Reputation point

Yes, if you have a trust between the DMZ forest and your internal forest. Otherwise there's no way for the devices to automatically authenticate.
