MJB2011
asked on
Upgrading internal RootCA to SHA2
Hi all,
We use our internal CA using a SHA1 to create certificates for internal web services. We are now tasked with upgrading this to SHA2. My colleague has suggested we renew all SHA1 certificates so that nothing is set to expire within the next 12 months. We will then look to upgrade the rootCA but im concerned that once we do that all the web certificates will need to be upgraded?
Can someone clarify what happens when the ROOTCA is upgraded to SHA2?
It will be difficult to know whether all web services are SHA2 compatible, is there a way to create a separate SHA2 ROOT CA?
We use our internal CA using a SHA1 to create certificates for internal web services. We are now tasked with upgrading this to SHA2. My colleague has suggested we renew all SHA1 certificates so that nothing is set to expire within the next 12 months. We will then look to upgrade the rootCA but im concerned that once we do that all the web certificates will need to be upgraded?
Can someone clarify what happens when the ROOTCA is upgraded to SHA2?
It will be difficult to know whether all web services are SHA2 compatible, is there a way to create a separate SHA2 ROOT CA?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Will the SHA1 certificates on my exiting servers remain SHA1, or will they upgrade?they will remain SHA1
Once CA is upgraded all the new issued certificates will be SHA2
ASKER
- When renewing existing servers - after the CA upgrade to SHA256 - will they automatically renew to a sha256 certificate?
- Do templates need to upgraded is is this done automatically?