Hi, I have read some article about transition to SHA-2 certificates. One suggestion is add a new certificate service that issues SHA2 in an exisiting AD CS environment. Question is that since the whole certificate chain should be SHA-2,
when adding new SHA-2 issuing CA to existing AD CS environment that is using SHA-1, should the root CA be modified to has SHA-2 CSP and generate new SHA-2 certificate for new issunbg CA also? If so, how is this existing root CA to support both SHA-1
(existing) and SHA-2 (new CS) at the same time (since one CSP could be used)? Thanks for any input.
↧