Ive looked at a couple other articles on here about changing from sha1 to 2 and or the key length. Since we have a minimal number of certs issued (not autoenrolling users or computers) it seems like it would be easier to just build a new root in VM. We only have an internal 2 tier PKI with no outside access and only have a few certs issued for internal web sites.
Right now the root is 2048/sha1 and I've been trying to implement best practices. Can I do the following and will this break any current issues certs???
Build new offline root in VM using the SAME server name and SAME CA name as current offline root
Install CA and choose to create new private key (4096 and sha256)
Run post script
Publish cert and copy to current issuing etc etc.
Would this work if I used the same server name and ca name? Do I need to backup the existing root CerSrv reg location and import to the new one? Would this break any certs I already have out there or not since the names are the same?
thanks