The answer is No. Cross-forest certificate enrollment requires a two-way forest trust. No exceptions.
Certificate Enrollment Web Service/Policy Web Service research - cross-forest PKI certificate auto-enrollment
Hi, is it possible to use the Certificate Enrollment Web Service/Policy Web Service to auto-enroll certificates to systems in forests without any trust with the forest where the 2-Tier PKI resides? If so, how, for instance, will servers/desktops/laptops auto-enroll their certificates, such as the ConfigMgr client cert needed for HTTPS communication, since typical auto-enrollment is an AD/GPO "feature"? What "initiates"/"triggers" certificate auto-enrollment on a machine?