Need help on designing multi-node, multi-site VMCA. Below is our setup.
Site A: 2x vCenter 6 and 2x external PSCs (all windows based)
Site B: 2x vCenter 6 and 2x external PSCs (all windows based)
We would like to use VMCA for all certificates.
Does this mean 1st PSC would act as root VMCA and other 3 PSCs would become subordinate CA to the 1st root CA?
In which order would I issue certificates to all components (machine SSL, solution users and ESXi)
Any guidance would greatly be appreciated.