We have a single standalone enterprise CA running on Windows Server 2008 R2 which is still using the SHA1 hash algorithm (Microsoft Software Key Storage Provider).
Due to a requirement in our recently changed security policy we must migrate to use SHA256.
How much of an impact will there be from making this change?
Will we have to renew our root certificate to be SHA256 and then have all clients (Windows 7 SP1 Enterprise) and affected servers (Windows 2003 and 2008 R2) re-install it? My assumption is yes.
Also, will we have to re-issue certificates that have previously been issued by this CA? In the case we want them to be SHA256, I realize the answer is yes, but if we want to continue using the existing SHA1 installed ones, does it become an issue?
Appreciate any advice or tips. Thank you.