Hi
Hi,
We have a 2 tier CA structure where Root CA is offline and one Sub-ordinate issuing CA (Windows 2003). The users in the organisation are using certificates for EFS. Now we are migrating the CA to Windows 2008. Presently EFS certificate uses SHA 1 algorithm. After the migration we want to change the EFS template to use SHA 256. I have followed the below steps
- Created a Duplicate template(Windows 2008) based on Basic(EFS) and configured it to use SHA 256
- Added Basic(EFS) in the superseded templates of the new template.
- Removed the Basic(EFS) template from issued template list of the CA.
- Tried to encrypt the files for new users but the certificate is not coming from new template but the files are getting encrypt using local cert.
- I have enabled Basic(EFS) template again then the users are getting certs from old templates.
- I have changed the Group Policy and configured the new template as default template for EFS. But the users are not able to encrypt files using new template
Please suggest what should be done