Hi,
According to http://technet.microsoft.com/en-us/library/cc740209%28v=ws.10%29.aspx
"When you generate a new key pair for a CA that is being renewed, a new certificate revocation list (CRL) distribution point is also created. This is to ensure that the key used to sign a certificate issued by the CA also matches the key used to sign the CRL. For more information about how renewing a CA with a new key affects certificate revocation and the name of CRLs, seeRevoking certificates and publishing CRLs."
However this link contains nothing about CA renewal. It has a section "Publishing a CRL before the next scheduled publish period", ie the procedure here:
http://technet.microsoft.com/en-us/library/cc778151%28v=ws.10%29.aspx
Is this all you have to do after renewing a root CA and choosing yes to generate a new public and private key pair for the certification authority's certificate?
Many thanks
Brendan