Multiple CA's on Windows Server 2012

pki windows-server-2012 certificate-authority ad-certificate-services

Solution 1:

You can only have one AD CS certificate server at a time on a single instance of Windows Server OS.

Edit: Also if you want to get serious about the physical security of the root CA, don't make it a VM. A VM can be booted up from the VM management console and then compromised. Make it a physical machine, use it to set up your policy CAs and issuing CAs, then pull the Ethernet cable out of the root CA machine and power it off. (Which you can't really do with an enterprise (AD-integrated) CA, but that's a whole different topic.)

Related

IIS 8 folder url and permissions
Windows: 2 sites, 2 dc's. How setup roles?
using wireshark/tshark in command line to ignore ssh connections
ufw blocking apt
How to create an EC2 instance with knife?
cygwin ssh works locally, not remotely
ActiveDirectory domain service wizard: Prerequisites check for domain controller upgrade fails
Ntpd excessively inaccurate
Sanity Check: Is my CAT5e cable probably bad, or do I just need different connectors?
Using Chef Solo to provision a Windows EC2 instance and bootstrap it
How to move CSS to bottom of inspect window
Best practice disk usage for SQL Server