Upgrade PKI from SHA1 to SHA256

GG-2388 121 Reputation points
2020-11-21T12:07:37.28+00:00

Hi,

We are looking to upgrade our enterprise PKI from SHA 1 to SHA 256.

Can you help us with how to proceed?


Accepted answer
  1. Thameur-BOURBITA 32,506 Reputation points
    2020-11-21T12:20:43.507+00:00

    Hi,

    You have to perform the following steps:

    • Back up your PKI.
    • Upgrade the hash of the cryptographic provider to SHA256 by running the following command: Certutil -setreg ca\csp\CNGHashAlgorithm SHA256
    • Renew the root certificate to generate a new one with SHA256.
    • Renew all certificates generated by this PKI using the SHA1 algorithm.

    You can follow my blog in French (I will translate it to English soon) to get more details:

    mettre-niveau-de-lalgorithme-de-hachage.html

    Please don't forget to mark this reply as the answer if it helps you to fix your issue.

    3 people found this answer helpful.
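
The four steps from the accepted answer, written out as an added PowerShell example (not code from the original reply or from the linked blog), for an elevated session on the CA server. Assumptions: `D:\CA-Backup` is a placeholder path, the CA certificate is renewed with the existing key pair (`ReuseKeys`), and `Get-Sha1SignedCertificate` is a hypothetical helper that inventories only the local machine's `My` and `CA` stores.

```powershell
# Added example. $BackupPath is a placeholder chosen for this illustration.
$ErrorActionPreference = 'Stop'
$BackupPath = 'D:\CA-Backup'

# Step 1: back up the CA database and private key, plus the CA registry configuration.
New-Item -ItemType Directory -Path $BackupPath -Force | Out-Null
$pw = Read-Host -AsSecureString -Prompt 'Password protecting the exported CA key'
Backup-CARoleService -Path $BackupPath -Password $pw
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration' `
    "$BackupPath\CertSvc-Configuration.reg" /y

# Step 2: record the current provider and hash, then switch the CA to SHA256.
# CNGHashAlgorithm is only honoured when the CA key is held by a CNG key storage
# provider; a CA still on a legacy CSP has to be moved to a KSP first.
certutil.exe -getreg ca\csp\Provider
certutil.exe -getreg ca\csp\CNGHashAlgorithm
certutil.exe -setreg ca\csp\CNGHashAlgorithm SHA256
if ($LASTEXITCODE -ne 0) { throw 'certutil -setreg failed' }
Restart-Service -Name CertSvc    # the registry change applies after a service restart

# Step 3: renew the CA certificate so it is re-signed with SHA256.
# Assumption: the existing key pair is kept; drop ReuseKeys to generate a new one.
certutil.exe -renewCert ReuseKeys
if ($LASTEXITCODE -ne 0) { throw 'certutil -renewCert failed' }

# Step 4: list certificates that are still SHA1-signed and need to be renewed.
function Get-Sha1SignedCertificate {
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\CA')
    )
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.SignatureAlgorithm.FriendlyName -match '^sha1' } |
        Select-Object Subject, Thumbprint, NotAfter,
            @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } }
}

Get-Sha1SignedCertificate | Sort-Object NotAfter | Format-Table -AutoSize
```

Changing `CNGHashAlgorithm` only affects certificates and CRLs signed after the restart; certificates issued earlier keep their SHA1 signature until they are renewed, which is what the step 4 inventory is for.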
