Your network contains an Active Directory domain named contoso.com.
You deploy Active Directory Certificate Services (AD CS).
Your company, which is named Contoso, Ltd., has a partner company named Fabrikam, Inc. Fabrikam also deploys AD CS.
Contoso and Fabrikam plan to exchange signed and encrypted email messages.
You need to ensure that the client computers in both Contoso and Fabrikam trust each other’s email certificates. The solution must prevent other certificates from being trusted and minimize administrative effort.
What should you do?
More than one answer choice may achieve the goal. Select the BEST answer.
A. Implement an online responder in each company.
B. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Enterprise Trust store by using Group Policy objects (GPOs).
C. Implement cross-certification in each company.
D. Exchange the root certification authority (CA) certificates of both companies, and then deploy the certificates to the Trusted Root Certification Authorities store by using Group Policy objects (GPOs).
