Two ADCS in one domain

Ansar V M 1 Reputation point
2022-11-21T08:07:48.85+00:00

Hi, I have a standalone root CA, and a subordinate CA server is available in our domain. This is an old CS that used the SHA1 algorithm. I would like to set up or upgrade this old CA to a new server with SHA256.

My questions are:

  1. Can I create a new standalone root CA and subordinate CA and use a SHA256 template in the same domain?
  2. Is it possible to have two CAs in a single domain?
  3. Is there any other way to use the SHA256 algorithm in certificates?

2 answers

  1. JimmySalian-2011 42,066 Reputation points
    2022-11-21T08:39:15.727+00:00

    Hi,

    AFAIK, it is not possible and will add complexity to the current setup of issuing certificates and already issued certificates in case the old server is down. I suggest you migrate the CA server to the new server and carry out the migration with all the new settings.

    Also check this link. 0001473
    move-certification-authority-to-another-server

    Hope this helps.
    JS

    ==
    Please Accept the answer if the information helped you. This will help us and others in the community as well.


  2. Ansar V M 1 Reputation point
    2022-11-21T11:16:00.863+00:00

    Thanks for your reply.
    So you are suggesting migrating the CA to a new 2019 server.

    In my case, the old server will still be available.
    Also, if I migrate to the new server, can I upgrade the certificate to SHA256, or do I need to use the old SHA1?
