Oct 30 202105:29 PM
See Also
What is the Certification Authority Role Service in Windows Server?The Crucial Role of Certificate Authorities in Building Trust in a Digital WorldWhat are the two types of CA? | Encryption ConsultingWhat is Registration Authority (RA)?Yes, you can build two (or more) certificate authorities within a domain. It's not commonly done and it's not something I'd advise under normal circ*mstances, but you can do it.
The certificate templates are stored in the Active Directory CN=Configuration partition, meaning that single location is used by all authorities (and their subordinates). This means that any changes to these Active Directory-stored templates is visible to all authorities.
Installing a second (or more) certificate authority will not affect the templates. The templates are only installed by default when using the "Enterprise CA" option (as distinct from the "Standalone" option) and if they already exist, are left alone.
Cheers,
Lain
