This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 98%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
We have an active directory domain named after one of two companies that merged to form our current company. Let's call it oldcompany1.com This is the AD domain we kept post merger.
We did register a public Internet domain with the new company name after the merger. Let's call it MergedCompany.com
We do have "mergedcompany.com" configured as a primary forward lookup zone integrated into AD DNS.
There are only a few internal resources we have static records for in our mergedcompany.com DNS zone.
Would I be able to issue certificates with the subject name or SAN for something like "intranet.mergedcompany.com" from our enterpriseCA.oldcompany1.com? Is it just a matter of putting the other domain in the subject name/SAN field in the certificate request?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
Before going further, would you please tell did you create the trust between the 2 domains?
Did you create the DNS forward for each other?
I would like to do a test in my lab.
Best Regards,
The other domain doesn't exist as an actual AD domain. It's just a domain NAME that is configured as a forward lookup zone in DNS.
Yes, you can do this by using Web Server or derived certificate template. This template by default accepts user-supplied subject, so you can insert whatever name you need in subject alternative name. The process is well described in my blog post: https://www.sysadmins.lv/blog-en/web-server-certificate-enrollment-with-san-extension.aspx