Hello
Can someone please help me with the following question :)
I understand from the cryptographic community no longer considers SHA1 secure, and recommend at last SHA256
That being the case when setting up a new Microsoft Root CA on Server 2012 R2 the default for signing the public key is SHA1. Should I therefore select SHA256 instead?
If I Choose SHA256 is it possible this will cause and incompatibility issues with systems (say other MS operating system or Unix/Linux OS) when they use the CA Public key to check if did indeed sign the certificate they are checking. In other words will most systems OS (Windows XP/Unix Linux) be able to use SHA256?
on a related note I understand the longer the key the better therefore with this in mind the default is 2048, should I not change this to 4096 (or 3072) when setting up a new CA to make private key more secure e.g. take longer to crack?
As with first question, will a longer key cause any potential compatibility issues with other OS/Software
Thank you
AAnotherUser__
AAnotherUser__