Our organization has two separate Active Directory domains (separate forests):
We have recently implemented a PKI infrastructure using AD CS. The infrastructure consists of an offline CA (named Company-RootCA). This CA is not part of any domain or forest. We have an intermediate CA in the company.local domain that is issuing certificates as expected in that domain. We would like to implement a PKI solution in the youthed.local domain. Can my offline CA be the root CA for both the company.local intermediate CA and a youthed.local intermediate CA?