troubleshooting Question

SHA1 to SHA256

Avatar of sara2000
sara2000 asked on
* Public Key Infrastructure (PKI)Active Directory
11 Comments1 Solution173 ViewsLast Modified:
We have a root Ent CA root server with SHA1 and Key Storage provider (KSP) running on Windows 2012 R2. We are planing to move it from SHA1to SHA2. I have couple of questions hope someone shed the light on it.
Right now, We have root cert certificate#0 with SHA1.  i guess that we have to renew the root certificate for SHA2 for future clients certificates  by issuing  Certutil -setreg ca\csp\CNGHashalgorithm SHA256 ,
1. Will this command change certificate#0 to 256 from SHA1 or I have to renew root CA and get certificate#1 ?

2. We have a authentication server with SHA1 cert , will there be any issue if a user's  PC get renewed with SHA2 certificate before the authentication server?
ASKER CERTIFIED SOLUTION
Jakob Digranes
Team Lead Cloud Services

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 11 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 11 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros