Can we send an encryption email between two AD Forest (vice versa) by implementing internal Microsoft CA.
E.g. abc.com domain have their own Enterprise or Standalone CA and xyz.com have their own Enterprise or Standalone CA
If can, how do the users for abc.com domain 'trust' the users from xyz.com domain? Is that something like this: abc.com domain users need to install xyz.com root certificate and xyz.com domain users need to install abc.com root certificate.
Is there any requrements to do on the servers level instead of at the client PC.