My scenario is I need to deploy a Certificate authority to issue Root and User certificates to a PDA.
When the PDAs are built they have software installed to establish a VPN connection. During the installation process on the PDA the VPN software needs to request a root CA and a user CA. These certificates are currently issued by a Standalone Root CA.
My query is if the Standalone Root CA goes off line, (severe hardware failure), the PDA clients wouldnt be able to estblish a VPN connection as the certificates couldnt be validated.
What do I need to do so if the Standalone Root CA does off line, (hardware failure 4 hour response etc), a new PDA client that had previously obtained a root and user CA from the Standalone Root CA can present its certificates to another CA and the certificate be validated.
The VPN setup is irrelevant its more about the CA resilience.
Any advice would be appreciated