<div>
<div class="content wysiwyg-content">
I created an offline root CA and now plan on creating a Sub CA to issue certificates to users and computers. I am in a 2003 and 2008 Active Directory domain. I would like to install IIS on the Sub CA so users can request certificates through web enrollment. <br />
<br />
That question I have is, can I create an Enterprise Sub CA on a member server or does it have to be created on a DC?
</div>
</div>


I created an offline root CA and now plan on creating a Sub CA to issue certificates to users and computers. I am in a 2003 and 2008 Active Directory domain. I would like to install IIS on the Sub CA so users can request certificates through web enrollment. 

That question I have is, can I create an Enterprise Sub CA on a member server or does it have to be created on a DC?

Creating an Enterprise Sub CA

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).

Windows Server 2003

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.