We are rebuilding our entire Active Directory environment. I've seen many posts on the Internet about building the CA server and that it is best practice to keep it separate from the Domain Controller. I also believe there is something about building an offline CA, but in terms of keeping things manageable, I'm not sure if this is a must for us. I always have trouble with certificates and building the CA, and it's hard to find instructions applicable to our environment, unless perhaps I'm misunderstanding them.
We have a 3rd party wildcard certificate issued from GoDaddy (used for network devices, etc.). I'd like to build a Windows Server 2016 CA on a separate VM from our DC. I also want to utilize certificates for LDAPS and the client machines that are joined to our network.
Can someone advise of the steps in order to accomplish this? I've found these notes on building the CA; however, it doesn't say anything about using a 3rd party certificate. Or perhaps I don't need a 3rd party certificate for LDAPS and internal machines? https://www.virtuallyboring.com/setup-microsoft-active-directory-certificate-services-ad-cs/
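The procedure the post asks about, as an added PowerShell example that is not part of the original post or the linked guide: install AD CS as an Enterprise Root CA on a domain-joined member server (not the DC), publish a template that lets domain controllers autoenroll a certificate with the Server Authentication EKU and their FQDN in the SAN (which is what LDAPS requires), and then verify LDAPS on port 636 by opening a TLS connection and validating the chain. An enterprise CA's root certificate is published into AD, so domain members trust it without any manual import; that is why no third-party certificate is needed for LDAPS or domain-joined clients in this setup. The host names CA01 and DC01, the domain corp.example.com and the CA name Corp-Issuing-CA are assumptions for illustration. Run it from an elevated session as an Enterprise Admin; the DC step relies on WinRM, which is enabled by default on Windows Server.

```powershell
# Added example, not from the original post. Assumed names: member server CA01 (not a DC),
# domain controller DC01, AD domain corp.example.com, CA common name Corp-Issuing-CA.
# Run on CA01 in an elevated PowerShell session as an Enterprise Admin.

# 1. Install the AD CS role on the member server, keeping the CA off the domain controller.
Install-WindowsFeature ADCS-Cert-Authority -IncludeManagementTools

# 2. Configure an Enterprise (AD-integrated) Root CA. Enterprise, not Standalone, is what
#    makes domain members trust the root automatically and enables template-based autoenrollment.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CACommonName "Corp-Issuing-CA" `
    -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" `
    -KeyLength 4096 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 `
    -Force

# 3. Publish the built-in "Kerberos Authentication" template. Domain controllers autoenroll
#    from it by default, and the certificate it issues carries the Server Authentication EKU
#    and the DC's FQDN as a SAN, which is what LDAP over TLS on port 636 requires.
Add-CATemplate -Name "KerberosAuthentication" -Force

# 4. On the DC: trigger autoenrollment now instead of waiting for the scheduled run, then list
#    certificates issued by our CA that carry Server Authentication (OID 1.3.6.1.5.5.7.3.1).
Invoke-Command -ComputerName DC01 -ScriptBlock {
    certutil -pulse | Out-Null
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {
            $_.Issuer -like 'CN=Corp-Issuing-CA*' -and
            $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.1'
        } |
        Select-Object Subject, NotAfter, Thumbprint
}

# 5. From any domain member: open TLS to the DC on 636 and let SslStream validate the name
#    and chain against the machine's trusted roots. A name mismatch or untrusted issuer throws,
#    which is exactly the failure an LDAPS client would see.
function Test-Ldaps {
    param(
        [string]$Server = 'DC01.corp.example.com',
        [int]$Port = 636
    )
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Server)   # throws on bad chain or hostname mismatch
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Server   = $Server
            Subject  = $cert.Subject
            Issuer   = $cert.Issuer
            NotAfter = $cert.NotAfter
            Protocol = $ssl.SslProtocol
        }
    }
    finally {
        $tcp.Close()
    }
}

Test-Ldaps
```

If step 5 throws a chain error on a freshly joined client, the machine has usually not yet pulled the enterprise root from AD; `gpupdate /force` or a reboot refreshes it. If it throws a name mismatch, the DC is presenting a certificate whose subject or SAN does not contain the FQDN you connected to, so check the certificate listed in step 4 rather than the client.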