We have Windows PKI running on server 2012 standard. We have a Root CA server that is switched off and an Issuing Intranet CA that gives out the certificates. I have found this guide to update to SHA256:
Is this guide relevant in my case?
Do I need to do this on both Root and Issuing CA?
Will that affect existing certificates?
Do I need to do anything with the certificate templates?