I have several test domains. They have no network access to each other. I'm setting up certificate services for them. I'd like to share a single (standalone) Root CA and a single standalone Policy CA. I am wondering if I can:
- set up a CNAME in each domain's DNS with the same name (e.g. crlserver) pointing to a web server in that domain.
- set up a Site on the web server using a host-header configuration to receive requests to the CNAME address.
- copy the CRL to each server.
- and thus set a single entry as the CRL server to use the CNAME name to cover all of the domains.
So, can I use an FQDN for the CRL server name?