multiple CA for same domain ? (a little long..)

Giganews Newsgroups
Subject: multiple CA for same domain ? (a little long..)
Posted by:  Marco Tonoli (MarcoTono…@discussions.microsoft.com)
Date: Tue, 24 Oct 2006

Hi all, i have a question:

i have a PKI infrastructure, with a offline root,  an enterprise CA and a
domain controller. We use PKI for smart card, email signing and what future
time will offer...
Now we start a branch office with many user so i make a new domain
controller (for same central domain) in the branch office for autentication
speed and geographics redundance. The lan's have non egual ip addressment but
one see each other. I'll correctly set "site and service" applet so pc remote
will use remote DC.
My question is... i need also a second CA in the branch office ? if not i
can have speed problem ? (i don't kon how fast is connection, specifically
during working hour).

And, if i need a second CA, can install on DC ? (i think have not CPU power
problem and no security access problem) and there same particolar procedure
to avoid strange situation like pc autentication or PKI process on erratic CA
and DC ?

Thanks all in advance (and excuse my english.... writing from italy.)

Replies