Certificate FQDN example.local domain using example.com certificate

  • Thread starter: g18c

g18c

Hi, I have been able to set up certificates and RADIUS authentication on
my example.local domain. I have my root enterprise CA issuing
certificates and all is well (certificates show rootca.example.local as
the issuer).

I am considering the possibilities of using certificates to sign the
users' email. Rather than roll out a new cert infrastructure, can I
implement my own in-house certificate infrastructure even though my
Active Directory domain name is example.local, whereas our email domain
is example.com?

Is there any way in which I can issue certificates to computers in the
Active Directory but use the example.com certificates instead?

I hope this makes sense

Thanks,

Chris
 
> Hi, I have been able to set up certificates and RADIUS authentication on
> my example.local domain. I have my root enterprise CA issuing
> certificates and all is well (certificates show rootca.example.local as
> the issuer).
>
> I am considering the possibilities of using certificates to sign the
> users' email. Rather than roll out a new cert infrastructure, can I
> implement my own in-house certificate infrastructure even though my
> Active Directory domain name is example.local, whereas our email domain
> is example.com?

As long as the user's mail attribute in AD is example.com this will be
fine. It makes no difference what the name of the CA is, what's
important is that the subject name of the certificate matches the user's
mail attribute, and if you enable the CA template to look up that
information from AD, they will get the correct subject on the cert.

> Is there any way in which I can issue certificates to computers in the
> Active Directory but use the example.com certificates instead?

You don't issue email certificates to computers, you issue them to
users.

A bigger problem is that unless you're only using these certificates
internally they won't be any good. External users won't trust your
internal PKI so the certs are essentially useless outside of your
company.
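
The reply's two points as an added example that is not part of the thread: a CA named rootca.example.local issues a certificate whose e-mail identity is in example.com, and that certificate verifies only for a party holding the internal root. The user address, file names and the stand-in external root are constructed, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added demo; every name, address and file below is a constructed sample.
set -eu

# Build a throwaway PKI in directory $1.
make_demo_pki() {
  dir=$1
  # Internal root, named after the AD domain as in the thread.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=rootca.example.local" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Unrelated root standing in for what an outside recipient trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Constructed External Root" \
    -keyout "$dir/external.key" -out "$dir/external.crt" 2>/dev/null
  # User key and signing request.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Chris" \
    -keyout "$dir/user.key" -out "$dir/user.csr" 2>/dev/null
  # The mail address goes in as an rfc822Name subjectAltName.
  printf '%s\n' \
    'subjectAltName=email:chris@example.com' \
    'keyUsage=digitalSignature,keyEncipherment' \
    'extendedKeyUsage=emailProtection' > "$dir/smime.ext"
  openssl x509 -req -in "$dir/user.csr" -days 30 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/smime.ext" -out "$dir/user.crt" 2>/dev/null
}

# True if certificate $1 carries e-mail address $2.
cert_matches_mail() {
  openssl x509 -in "$1" -noout -checkemail "$2" |
    grep -q 'does match certificate'
}

# True if certificate $1 chains to a root in trust file $2.
chains_to() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

d=$(mktemp -d)
make_demo_pki "$d"
openssl x509 -in "$d/user.crt" -noout -issuer
cert_matches_mail "$d/user.crt" chris@example.com && echo "address matches"
chains_to "$d/user.crt" "$d/ca.crt" && echo "trusted with internal root"
chains_to "$d/user.crt" "$d/external.crt" || echo "untrusted without it"
```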