Yes, just renew your SubCA with new key pair and sign request by another Root CA. It is supported.
PKI: can a SubCA be signed by another RootCA than the original?
KnowNothingThomas
21
Reputation points
Hi,
Can an existing Enterprise Subordinate CA be signed by a new Root CA? This SubCA will be revoked by the original Root, as it will no longer be part of the current hierarchy. Our client may want to have the SubCA continue running without having to build an entirely new hierarchy and issue all certificates again.