Yes, if you have a trust between the DMZ forest and your internal forest. Otherwise there's no way for the devices to automatically authenticate.
Can I automate certificate enrolment via ADCS from DMZ devices?
We have an infrastructure which builds servers and deploys them in a DMZ. We then need to make these servers automatically enroll for their first certificate from our ADCS PKI.
We have investigated setting up a CEP/CES server in the domain, but it appears this method requires each initial enrollment request to be manually approved/issued by a PKI admin. This will of course break our automated certificate enrollment requirement.
Is it possible to configure fully certificate enrollment to ADCS for devices outside the domain in a DMZ?
Any advice or pointers would be greatly appreciated.