Over on the System Center Configuration Manager Team Blog, Carol Bailey posted some great information on Native Mode and certificates including a couple examples of multi-CA hierarchies. If this sounds like you then you’ll definitely want to check this out:
We’ve seen this question come up a few times, and the simple answer is no – as long as the communicating computers have a trust in common, and the correct certificates are used, native mode works just fine. This trust in common can use a single certification authority (CA) hierarchy or multiple CA hierarchies. Because native mode is PKI-agnostic, this all happens at a lower level than Configuration Manager – we just need the PKI connection established before we can proceed with native mode communication.
J.C. Hornbeck | Manageability Knowledge Engineer