I am currently searching out a way to create a secure and redundant CA mainly for ADFS implementation. I have a current root CA that issues out certs for wifi but it lives on a DC so I can't turn it off. Is it possible to create and use another root CA
and then assign that one as a backup so I can turn off the root CA or what is the best method moving forward to have the best security and redundancy?