Win 2003 CA with SHA-1 root cert.

My question is if my CA has a SHA-1 root cert, can I sign a SHA-2
joe_walsh Asked:

Radhakrishnan R, Senior Technical Lead, Commented:
Hi,

By default, 2003 SP2 doesn't support (shipped) SHA-2. This limitation can become an important concern when processing smart card logons and for mutual TLS authentications to web servers. Unlike other technologies, smart card logon and mutual TLS both use strict revocation checking, so should either the certificate itself or the revocation information (CRL/OCSP) use SHA2, the logon would fail.

But you can install this update, https://support.microsoft.com/en-us/kb/938397, which will support SHA-2 which you signin for your 2003 server.
joe_walsh, Author, Commented:
My Q is with the ability to sign a SHA-2 on a CA with a SHA-1 root cert. Is it possible or do we need to upgrade root first?
Radhakrishnan R, Senior Technical Lead, Commented:
Hi,

As I mentioned earlier, 2003 doesn't support SHA-2 directly. Yes, you need to upgrade the root first. You can have a look at this, http://blogs.technet.com/b/pki/archive/2013/09/19/upgrade-certification-authority-to-sha256.aspx, which describes some migration commands.
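
When planning a SHA-1 to SHA-2 move like the one discussed in this thread, it helps to list the signature hash algorithm recorded in each certificate of a chain, from the issued certificate up to the root. The following is an added example, not part of the original thread or of any Microsoft tooling; the function name and the file path are hypothetical, and it assumes Windows PowerShell 3.0 or later on an administrative workstation that has the issuing and root CA certificates in its local stores.

```powershell
# Added example: report the signature algorithm of every certificate in a chain.
# Get-ChainSignatureAlgorithm and .\issued-cert.cer are hypothetical names.
function Get-ChainSignatureAlgorithm {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path   # certificate file (.cer/.crt) exported for inspection
    )

    # OIDs of SHA-1 based signature algorithms (RSA, legacy RSA, DSA, ECDSA).
    $sha1Oids = @(
        '1.2.840.113549.1.1.5',  # sha1WithRSAEncryption
        '1.3.14.3.2.29',         # sha1WithRSASignature (legacy)
        '1.2.840.10040.4.3',     # dsa-with-sha1
        '1.2.840.10045.4.1'      # ecdsa-with-SHA1
    )

    $file  = (Resolve-Path -LiteralPath $Path).Path
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # Inspection only: skip revocation lookups so the report works offline.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    # Build() returns $false for an untrusted or incomplete chain; the elements
    # that could be located are still listed, so the result is discarded here.
    [void]$chain.Build($cert)

    foreach ($element in $chain.ChainElements) {
        $c = $element.Certificate
        [pscustomobject]@{
            Subject            = $c.Subject
            SelfSigned         = ($c.Subject -eq $c.Issuer)   # typically the root
            SignatureAlgorithm = $c.SignatureAlgorithm.FriendlyName
            SignatureOid       = $c.SignatureAlgorithm.Value
            IsSha1             = ($sha1Oids -contains $c.SignatureAlgorithm.Value)
            NotAfter           = $c.NotAfter
        }
    }
}

Get-ChainSignatureAlgorithm -Path .\issued-cert.cer | Format-Table -AutoSize
```

If the issuing or root CA certificate is not present in the local stores, the output contains only the certificates that could be found, so a short listing means the chain is incomplete on that machine rather than that the missing certificates are SHA-2.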
