A cloned Certificate Manager uses the same CA signing key and certificate as another Certificate Manager, the master Certificate Manager. Since each Certificate Manager issues certificates with serial numbers in a restricted range, all of the servers together act as a single CA operating in several server processes.

The advantage of cloning is that it distributes the Certificate Manager's load across several processes or even several physical machines. For a CA with a high enrollment demand, the distribution gained from cloning allows more certificates to be signed and issued in a given time interval.

A cloned Certificate Manager has the same features, such as agent and end-entity gateway functions, of a regular Certificate Manager.