Cross-certificates are used to establish trust between separate certification hierarchies, such as in separate networks or portions of a network. In these cases, cross-certificates are typically configured to:
Define the namespaces for which certificates issued in one certification hierarchy can be used and accepted in the second hierarchy.
Specify the acceptable uses of certificates issued by a cross-certified certification authority (CA).
Define the issuance practices that must be followed for a certificate issued by the cross-certified CA in order for them to be considered valid in the other hierarchy.
Create a managed trust between separate certification hierarchies.
The Cross-Certificates tab can be used to add cross-certificate download locations.
When cross-certificates are used, the information on the Cross-Certificates tab describes which of these types of restrictions, if any, have been applied.
Cross-certificates can be used in both intranet and extranet environments.