One Root CA, multiple Signing CA's

Hi! I’m having a hard time figuring this one out…
So I am playing around with certificates. Maybe someone had something similar.
If I have 1 Root CA, and 2 Signing CA’s that sign the user certificates for VPN. Can I move the Signing CA’s each to one server and sign user certificates from there? And will the certificates signed on server A be trusted by server B?

Are there any certificate experts here?

Untitled

1 Like

They should trust each other depending on how you’ve set it up.

You want your root CA offline anyway so you want your sub CAs to take over that.

My knowledge on actually implementing this stuff is limited.

tldr: it depends on how it’s set up.

1 Like