I have root CA and subordinate CA in my environment. Both are running on Windows Server 2008. Both CA are currently configured with MD5
as hash algorithm. I refer to this post http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/91572fee-b455-4495-a298-43f30792357e/ and
understood that I can change the algorithm to SHA1 and proceed with renewal of root CA and subordinate CA cert.
How will this affect my current web server which is currently using the cert generated by the sub CA? Do I have to replace all the certs that I previously issued with the sub CA?
Regards,
CH