Is there a reason not to have multiple ZCM servers having the CA role active at the same time?

You may presume that all the servers have the same CA pub/priv keys and certs as done by zman cae and zman cai.

Seems to me that it won't hurt anything as they all use the same certificate to sign with and it covers our butts in case one of the ZCM boxes needs to be rebuilt or fails.