Enterprise CA placement

Giganews Newsgroups
Subject: Enterprise CA placement
Posted by:  study (stu…@discussions.microsoft.com)
Date: Fri, 26 Jun 2009

Hello
We currently have a single 2003 active directory forest with one root empty
domain and 2 child domains.
We are going to create an offline standalone root CA (on a workgroup server)
then one issuing Enterprise CA (on a DC).

My question is,
1. which domain should we install the Enterprise CA on?
The issuing CA would be servicing all 3 domains.  Can we install on one of
the child domain DCs or does it need to be on the root domain DC?

2. if we install 2 issuing CAs by installing CA on 2 different DCs, does it
provide redundancy in case one fails?

Replies