Hello Sajid Mumtaz,
Thank you for posting in Q&A forum.
You had better renew the CA root certificate during downtime and if there is any problem, then we will have time to troubleshoot.
we want to keep almost the same settings for the new CA like key etc.
A: Please select "No" during renewing root CA certificate.
If we renew our CA certificate then the places where we use old CA certificate will stop working and the communication will break?
A: For AD domain users and AD domain devices in the domain, the new root CA certificate should be published to Trusted Root Certification Authorities automatically.
For other non-Windows devices or non-domain devices, you may need to install new root CA certificate manually on these devices.
Note: Please back up AD DS service before you make any changes on CA server.
I hope the information above is helpful.
If you have any question or concern, please feel free to let us know.
Best Regards, Daisy Zhou
If the Answer is helpful, please click "Accept Answer" and upvote it.