Hi,
I have one Root CA (Offline) and one subordinate CA in my environment. My all systems are getting certificate from my running SUB CA with signature algorithm RSASSA-PSS and near about 1000+ certificate has been issued from server. Now their is a new requirement from one of my application vendor that they need signature algorithm with sha1RSA. So pls confirm if i can modify signature algorithm on my running server without impacting to existing issue certificate users.
Any possible way pls suggest.
Or we need to build a new Sub-ca with requested signature algorithm. If yes then how to do that.