Hello Community MembersI'm really new to Win2008 Server and I don't have lot of knowledge.I think it's a really simple question but I didn't find anything useful on the net.If you request a certificate inside your own domain, the Enterprise CA will create the certificate and send it back to the initiator/client.You can also integrate a smartcard into this process.But is it also possible to generate a key pair on the smartcard and request a certificate to the Enterprise CA from a domain that is not in the enterprise AD?So customers around the web could request certificates to your company etc.I think this should be possible if you use a standalone CA and not a Enterprise CA. Or maybe with account/certificate mapping on the server and probably something like a protocol transition (for Kerberos Authentication) will be neccessary on the IIS Side.Thanks for your response and effort in advance.Xenos

Hi, You can enroll the certificates by using the Web Enrollment Pages outside the domain. However, you need to make sure that the user has permission to enroll the certificate. Ive also included some related articles for your reference: Using the Web Enrollment Support Pages http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dscj_mcs_jckb.mspx?mfr=true AD CS: Web Enrollment http://technet.microsoft.com/en-us/library/cc732517.aspx Hope the information is helpful.