In the post,Will show you how to install Subordinate CA where you have already have Enterprise ROOT-CA available in the domain.
Ideally, When you install Subirdiante CA Under ROOT-CA is called 2-Tier PKI Infrastructure. Many Organizations they use 2-Tier Method to avoid abnormal down due to the Servers, Threats and Vulnerability.
ROOT-CA or Offline-CA will be in the out of network and kept in Isolated network to avoid the missusing of the Certificate Services.
Subordinate-CA or issueing CA will be used to issue the Certificates to the Computers, Users and Websites.
I cover here how to install Subordinate-CA, Please refer the article to learn how to install ROOT-CA.
Install Certificate Service role from the Server Manager and Click on Configure Active Directory Certificate Services on the destination server
Select Certificate Authority and Click on Next
Select Subordinate CA and Click on Next
Click on Next after selecting the Cryptographic Options
Give the Name for the CA and Click on Next
Majority of CA Administrators will keep the ROOT-CA Servers in offline or isolated network, hence generate the request for and save it in the location system
Select the Database Location and Log Location paths and Click on Next
Click on Configure
Login in to ROOT-CA–>Right click on ROOT-CA–> All Tasks-->Submit new request
Select the Request file and click on Open
Click on Install CA Certificate
Click on Properties once service started successfully.