We have a two tier PKI hierarchy using Microsoft ADCS. both the standalone Root CA and the Enterprise SUB CA are using SHA-1 as CSP. we have issued certificated to a lot of apps including (Web, Exchange, SCOM, SCCM, client's for mail signing). now we understand that SHA-1 will be deprecated and I want to know
1. what will be the effect on my environment.
2. Am I required to upgrade and what should I updrade. both Root and SUB CA? out root and SUB CA is 2012 R2 with sha-1
3.what happens to the certificates already issued by the CA using SHA-1.
4. How to upgrade
appreciate a detailed reply