Your only option is to use a cross-forest certificate enrollment: https://social.technet.microsoft.com/wiki/contents/articles/14715.test-lab-guide-mini-module-cross-forest-certificate-enrollment-using-certificate-enrollment-web-services.aspx
How to enroll certificate for different forest computer
I've a forest domain AD CS server (e.g. abc.com), there is a different forest domain (xyz.com), I want xyz.com domain member server should get certificate automatically from different forest domain abc.com. Please let me know how it's possible, different ways of possibilities.