This is a follow-up to a comment made in another question I have (Windows 7 Self Signed Certificate for RDP).
I am trying to get a handle on the SHA-1 deprecation that is coming from Microsoft that will eventually impact SSL certs signed with SHA-1 from the CA: certs that are used for RDP, or certs that are issued from DOD that we have for smart cards. In these articles and many others it states something to the effect:
Microsoft announced our stance on SHA-1 in multiple blog articles, including
In summary, as of now (May 2015), Microsoft's SHA-1 deprecation only impacts SSL and code-signing certs issued by CAs in the Windows Root Certification Program. Any CA not in that program will be treated as a private/enterprise CA and Microsoft's current (as of 5/15/2015) SHA-1 deprecation policies do not apply. Microsoft's treatment of SHA-1 and its further deprecation will be discussed more at the appropriate future time.
I am trying to understand how that applies and how to determine if any of the certs were issued by CAs in the Windows Root Certification Program. We have an enterprise CA that we can use with templates that issues certs for things like RDP.
I don't control the root CA for the enterprise, so I would like to see if that CA is part of the program. Also, as mentioned before, what about certs issued by third parties like DOD or others? How can I figure out if the certs we have will be impacted?
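
An added example, not part of the original post: one way to inventory the certificates on a Windows machine against the criterion quoted above, by reporting each certificate's signature algorithm and the root its chain ends at. The function name `Get-Sha1CertExposure` is hypothetical, and the classification rests on an assumption: a root whose thumbprint is in the `AuthRoot` store ("Third-Party Root Certification Authorities") is taken to have been distributed by Microsoft's root program, and any other root is treated as private/enterprise.

```powershell
# Added example: inventory certs for SHA-1 signatures and classify the chain root.
# Assumption: roots in Cert:\LocalMachine\AuthRoot came from Microsoft's root program;
# roots found only elsewhere (e.g. pushed by Group Policy) are private/enterprise.
function Get-Sha1CertExposure {
    param(
        # Stores to inventory; adjust to where the RDP or smart card certs live.
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )

    $programRoots = @(Get-ChildItem Cert:\LocalMachine\AuthRoot -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Thumbprint)

    foreach ($cert in Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue) {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Inventory only: skip revocation lookups so the check works offline.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $built = $chain.Build($cert)

        # Elements are ordered leaf first; the last one is the root if the chain completed.
        $elements = @($chain.ChainElements | ForEach-Object { $_.Certificate })
        $root = $elements[-1]

        # A root's own signature is not what is being trusted, so self-signed
        # elements are excluded when looking for SHA-1 links in the chain.
        $sha1Links = @($elements | Where-Object {
            $_.Subject -ne $_.Issuer -and $_.SignatureAlgorithm.FriendlyName -match 'sha1'
        })

        $rootClass = if ($root.Subject -ne $root.Issuer) { 'Incomplete chain (issuer not found)' }
            elseif ($programRoots -contains $root.Thumbprint) { 'Microsoft root program (AuthRoot)' }
            else { 'Private/enterprise root' }

        [pscustomobject]@{
            Subject        = $cert.Subject
            LeafSigAlg     = $cert.SignatureAlgorithm.FriendlyName
            Sha1InChain    = $sha1Links.Count -gt 0
            ChainValidated = $built
            Root           = $root.Subject
            RootClass      = $rootClass
        }
        $chain.Reset()
    }
}

Get-Sha1CertExposure | Format-List
```

Under the quoted policy, the rows of interest are those with `Sha1InChain` true and a `RootClass` of the root-program kind; a self-signed RDP certificate appears as its own root, so read its algorithm from `LeafSigAlg`.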