Your company has recently decided to merge with another company. Both companies have their own internet PKI that deploys certificates to users within that network. You have been asked to deploy a solution that allows each company to trust the other's certificates. What should you do?

A. Issue a policy certificate accepting both trust paths.
B. Deploy a new PKI for all users, and import the current user certificates to the new PKI.
C. Use a cross-certification certificate.
D. Add the root certificate to both of the root certification authorities (CAs).

C
Explanation: You should use a cross-certification certificate to ensure that each company trusts the other company's certificates.
You should not issue a policy certificate accepting both trust paths. Policy certificates provide centrally controlled PKI policy information. However, there is no automated way to enforce it.
You should not deploy a new PKI for all users. This requires more administrative effort than is necessary.
You should not add the root certificate to both of the root certification authorities (CAs). This would not ensure that each company trusts the other company's certificates.