Is a SHA2 CA backwards compatible?

Janus Bariñan 1,126 Reputation points
2020-11-18T15:30:19.16+00:00

Hi,

If I build a SHA2 CA can I create a template that supports SHA1?

Should the http and ldap cdp and aia be on a separate server? Does it really need iis?

Design 1
Can I build a standalone Root CA that is SHA1 while having a subordinate ent. CA which is SHA2? The standalone root CA will issue certificates for sha1 application and subordinate enterprise CA for sha2 apps. Or this setup has a security flaw?

Design 2
40793-image.png

Design 3
40893-image.png

Which Design is better?

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
38,659 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.