I have installed a two-tier PKI in a Windows environment. I have one Stand-alone Root CA (offline) and one Enterprise Subordinate CA (installed on Windows 2003 Enterprise ed.).
For availability reasons, I would like to know if I can add a second Enterprise Subordinate CA in case the first one crashes. (Normally everything is stored in AD, so I assume taking a daily backup of the CA database is enough?)
Can I just install a second Enterprise sub. CA the same way I did for the first one? What about CRL distribution points? Web enrollment?