We currently have a small PKI infrastructure in our environment which is only used internally. Certificates are used to allow for LDAPS and HTTPS connections to local servers on our domain.
Currently our Active directory Certificate Services role is housed on a domain controller in our environment. While I am aware this is not best practice, there are no mission critical services which depend on the certificates issued in our environment and this has been deemed acceptable.
We would however like our certificate authentication to function even if the domain controller goes offline or the office where the server is located is not reachable.
How can I setup a second Certificate authority that can authenticate the certificates issued to systems? We don't have a problem with re-issuing certificates if needed but we want a single certificate issued to each system and that certificate to authenticate from either Certificate Authority server.