Is it possible to have only one ADCS Standalone Offline Root CA for multiple Forests and Domains?
I have 3 separate AD Forests -- contoso.com, fabrikam.com and testlab.com. All these are separate AD forests with no AD Forest/Domain trust between them. Also, there is no need for Cross-Forest certificate and authentication.
I shall have 3 separate domain-joined Enterprise Issuing CAs in each of these 3 forests.
But, my question is regarding the Standalone Offline Root CA which shall be in a workgroup and not joined to any AD Domain or Forest.
Can I use only one Standalone Offline Root CA? Is this possible instead of having 3 separate Standalone Offline Root CAs for 3 forests?
If YES -- how? Can you please refer to some Microsoft articles/whitepapers or Deployment Guides?