PKI two Levels

Miguel Prieto Solanilla 1 Reputation point
2022-05-23T10:31:30.757+00:00

Hi everyone.

I need some help. I have 2 domains (forest/child) and I have installed an offline Root CA outside any domain and a Subordinate CA in the forest domain.

The child domain contains the users and computers and is located in a VLAN that has no communication with the forest domain controllers. So the certificates are not deploying. Every server/computer in the forest domain has the certificate.

If I enable on the firewall communication from the child domain user/computer VLAN to the forest domain controllers VLAN, specifically ports 88, 135 and 445, the certificates are deployed correctly.

I have sniffed with Wireshark on the computer and I can see requests to the forest domain controllers from the client.

Is there any way to deploy certificates from the child computers VLAN with no communication with the forest domain controllers?

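An added diagnostic for the situation above (it is not from the original thread, and the hostnames in it are assumptions). It checks, from a child-domain client, the three things autoenrollment depends on: the template and enrollment-service objects under CN=Public Key Services in the Configuration naming context (which is replicated to every DC in the forest, so a DC of the child domain can serve it), a Kerberos service ticket for the CA host (the CA's computer account lives in the forest root domain, so that ticket is issued by a forest-root KDC on port 88), and DCOM reachability of the CA itself (port 135 plus a dynamic RPC port). It then triggers autoenrollment and prints the client-side event log entries, which is where the reason for a failed attempt is recorded:

```powershell
# Added diagnostic (not code from the original post). Run on a child-domain
# client as a domain user. The two hostnames are assumptions; replace them.
$ForestDC = 'dc1.forest.example'    # assumed forest-root DC (ports 88/135/445 were opened to it)
$CaHost   = 'ca01.forest.example'   # assumed subordinate CA in the forest root domain

# 1. Template and enrollment-service objects live in the Configuration NC.
#    A serverless LDAP bind picks a DC from the client's own (child) domain,
#    so this read works without reaching a forest-root DC.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNc = $rootDse.configurationNamingContext.Value
$boundDc  = $rootDse.dnsHostName.Value
Write-Host "Bound to $boundDc; Configuration NC is $configNc"

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://CN=Public Key Services,CN=Services,$configNc"
$searcher.Filter = '(objectClass=pKIEnrollmentService)'
foreach ($r in $searcher.FindAll()) {
    $p = $r.Properties
    Write-Host ("Enrollment service '{0}' on host {1}" -f $p['cn'][0], $p['dNSHostName'][0])
    Write-Host ("  published templates: {0}" -f ($p['certificateTemplates'] -join ', '))
}

# 2. Kerberos: the service ticket for a CA in the forest root domain comes
#    from a forest-root KDC (cross-realm referral), i.e. port 88 on $ForestDC.
$krb = Test-NetConnection -ComputerName $ForestDC -Port 88 -WarningAction SilentlyContinue
Write-Host "TCP 88 to $ForestDC reachable: $($krb.TcpTestSucceeded)"
klist get "HOST/$CaHost" | Select-String -Pattern 'Server|KDC|Error'

# 3. The enrollment request itself goes to the CA over DCOM: endpoint mapper
#    on 135, then a dynamic RPC port on the same host.
$epm = Test-NetConnection -ComputerName $CaHost -Port 135 -WarningAction SilentlyContinue
Write-Host "TCP 135 to $CaHost reachable: $($epm.TcpTestSucceeded)"

# 4. Trigger autoenrollment now and show what the client logged about it.
certutil -pulse | Out-Null
Start-Sleep -Seconds 5
Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-CertificateServicesClient-AutoEnrollment'
} -MaxEvents 10 | Select-Object TimeCreated, Id, Message | Format-List
```

Compare the output with the firewall open and closed: if step 1 succeeds in both cases but the event log reports a Kerberos or RPC error only when the rule is closed, the dependency is on the KDC of the CA's domain and on the CA host rather than on the forest-root DCs as LDAP servers.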

1 answer

  1. Miguel Prieto Solanilla 1 Reputation point
    2022-05-25T08:56:48.347+00:00

    Hi.

    Any ideas please?

    I have checked: if I disable the firewall, the certificates are deployed, and if I enable the firewall and delete the certificates, the certificates are deployed again with the firewall enabled.

    Is communication with the DC of the forest domain needed for the first deployment?

    Thanks a lot.
