Avatar of sara2000

asked on 

SHA1 to SHA256

We have a root Ent CA root server with SHA1 and Key Storage provider (KSP) running on Windows 2012 R2. We are planing to move it from SHA1to SHA2. I have couple of questions hope someone shed the light on it.
Right now, We have root cert certificate#0 with SHA1.  i guess that we have to renew the root certificate for SHA2 for future clients certificates  by issuing  Certutil -setreg ca\csp\CNGHashalgorithm SHA256 ,
1. Will this command change certificate#0 to 256 from SHA1 or I have to renew root CA and get certificate#1 ?

2. We have a authentication server with SHA1 cert , will there be any issue if a user's  PC get renewed with SHA2 certificate before the authentication server?
* Public Key Infrastructure (PKI)Active Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon