question

MiguelPrietoSolanilla-3100 asked MiguelPrietoSolanilla-3100 answered

PKI two Levels

Hi everyone.

I need some help. I have 2 domains (forest/child), and I have installed an offline Root CA outside of any domain and a Subordinate CA in the forest domain.



The child domain contains the users and computers and is located in a VLAN that has no communication with the forest domain controllers, so the certificates are not deploying. Every server/computer in the forest domain has the certificate.



If I enable communication on the firewall from the child domain user/computer VLAN to the forest domain controllers VLAN, exactly ports 88, 135 and 445, the certificates deploy correctly.



I have sniffed with Wireshark on the computer and I can see requests to the forest domain controllers from the client.



Is there any way to deploy certificates from the child computers VLAN with no communication with the forest domain controllers?

windows-server

1 Answer

MiguelPrietoSolanilla-3100 answered

Hi.

Any ideas please?

I have checked: if I disable the firewall, the certificates are deployed, and if I enable the firewall and delete the certificates, with the firewall enabled the certificates are deployed again.

Is communication with the DC of the forest domain needed for the first deployment?

Thanks a lot.
