We are developing a system which implements an HA cluster across two separate geographical locations.
Each site will have several Windows Server 2012 machines and at least one DC, and we basically have to do a master-master replication between the two sites.
The entire system will be under a single domain.
We will be deploying AD CS since some of our sub-systems need certificates,
but we want to limit the variety of certificates to just one (i.e. we want all CAs to issue identical certificates).
To do that, we have to set up AD CS so that all the DCs (both intra-site and inter-site) share the same private key.
Is it possible to have all DCs in a domain share a single private key?
This article on TechNet suggests that we can do it within a cluster,
https://technet.microsoft.com/en-us/library/cc742450%28v=ws.10%29.aspx
but we are not sure if we can do it across different sites.
Any advice and comments are highly appreciated.
Wanko