This CA instance can be either a Self-Signed Root CA or a Subordinate CA. [Details]
The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA.
Make this a Self-Signed Root CA within this new PKI hierarchy.