Hi All,<o:p></o:p>
<o:p></o:p>
I have a server 2012 PKI infra (off line root SHA256, 4 online issuing Servers
SHA256) in my server 2008 domain.<o:p></o:p>
I have a number of server 2003 R2 boxes in my environment. As my off line root CA
and enterprise issuing CA's are published into AD, all of my domain machines
have the certificates in their trusted root stores and intermediate root
stores. All of my 2003 R2 servers cant trust the certificates. Following
errors;<o:p></o:p>
Root certificate and issuing cert errors;<o:p></o:p>
The integrity of this certificate cannot be guaranteed. The certificate may be
corrupted or may have been altered.<o:p></o:p>
on the details tab, the signature algorithm shows up as 1.2.840.113549.1.1.11
(server 2008 and win 7 boxes show "SHA256")<o:p></o:p>
The below article suggests that hotfix 968730; <o:p></o:p>
http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx<o:p></o:p>
http://support.microsoft.com/kb/968730/en-gb<o:p></o:p>
however that hotfix is not compatible for Server 2003 R2. Not to sure what I'm doing
wrong here. Any suggestions would be appreciated.<o:p></o:p>