You are an Active Directory administrator for Contoso, Ltd. You have a properly configured certification authority (CA) in the contoso.com Active Directory Domain Services (AD DS) domain. Contoso employees authenticate to the VPN by using a user certificate issued by the CA. Contoso acquires a company named Litware, Inc., and establishes a forest trust between contoso.com and litwareinc.com. No CA currently exists in the litwareinc.com AD DS domain. Litware employees do not have user accounts in contoso.com and will continue to use their litwareinc.com user accounts. Litware employees must be able to access Contoso’s VPN and must authenticate by using a user certificate that is issued by Contoso’s CA. You need to configure cross-forest certificate enrollment for Litware users. Which two actions should you perform? Each correct answer presents part of the solution.

A. Grant the litwareinc.com AD DS Domain Computers group permissions to enroll for the VPN template on the Contoso CA.
B. Copy the VPN certificate template from contoso.com to litwareinc.com.
C. Add Contoso’s root CA certificate as a trusted root certificate to the Trusted Root Certification Authority in litware.com.
D. Configure clients in litwareinc.com to use a Certificate Policy server URI that contains the location of Contoso’s CA.
  Discussion forum

Question
0

Leave an answer