I have an environment where there are a number of vCenter appliances (6.7) across multiple sites in linked mode. They all have embedded platform services controllers.
In reference to VMCA, do I need to make them all their own intermediate authority and sign them each off against our internal PKI? Or can one platform services controller in our main site be the intermediate authority to all vCenters/hosts etc.?
Also, if it helps to answer, they are all in the same single-sign on domain.