Microsoft has made available new documentation for certificate enrollment with Windows Server 2008 R2.
This documentation provides detailed information about the following types of certificate enrollment process.
Cross-forest Certificate Enrollment with Windows Server 2008 R2
This paper explains how cross-forest certificate enrollment works. It also provides deployment guidance for cross-forest certificate enrollment in new and existing Active Directory Certificate Services (AD CS) deployments.
Windows Server 2008 R2 enables enterprise certification authorities (CAs) to issue digital certificates to clients that are members of a different Active Directory (AD) forest. This process is called cross-forest certificate enrollment. The paper also provides strategies for consolidating existing certificate templates and presents choices for ongoing management of a cross-forest certificate deployment. A PowerShell script is provided to facilitate management tasks related to setting up and maintaining cross-forest certificate enrollment environments.
Certificate Enrollment Web Services in Windows Server 2008 R2
This paper explains how certificate enrollment Web services work in Windows Server 2008 R2. It also provides deployment guidance for certificate enrollment Web services in new and existing Active Directory Certificate Services (AD CS) deployments.
To provide certificate enrollment in a broader set of deployment scenarios, Microsoft developed a new enrollment protocol based on WS-Trust and two new role services in Windows Server 2008 R2 based on this protocol. The new services use HTTP-based messaging over a TLS-encrypted transport and do not depend solely on Kerberos for authentication. This enables automatic enrollment from Windows 7 clients to be used across forest boundaries and over the web. The two new role services are called Certificate Enrollment Policy Web Service (the policy service) and Certificate Enrollment Web Service (the enrollment service). These Web services, respectively, enable certificate policy retrieval and certificate enrollment over HTTPS. This guide explains the deployment scenarios, requirements, and recommended configurations, and offers step-by-step procedures to help you install and configure the new role services.