Hi,
I've deployed an enterprise root CA and enterprise subordinate CA.
A few questions I have post-deployment:
1) What is the thinking behind leaving a root CA switched off?
2) Does having a single subordinate CA afford any fault tolerance? What if I have >1 subordinate CAs?
What are common admin tasks post deployment? I will be moving the crls to a dedicated IIS server, and also setting a Group Policy to ensure all domain machines trust this CA. Is there anything else recommended?
Thanks