Migrate CSP to KSP and SHA-2 - CA certificate renewal?

SDS 216

Hello,

when the migration from CSP and SHA-1 to KSP and SHA-2 finished on a 1-tier-PKI, the CA signs new certificates and CRLs with SHA256.

Do I have to renew the CA certificate?
What happens if I do not renew the CA certificate?
Do I have to use "renew with new key"?

It would be nice if someone could explain his answers a little bit.

Thank you!

Daisy Zhou 13,026 Reputation points Microsoft Vendor

2021-03-29T06:33:15.193+00:00

Hi @SDS

Hope the information provided by Crypt32 is helpful.

How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou
Daisy Zhou 13,026 Reputation points Microsoft Vendor

2021-03-31T03:18:53.067+00:00

Hi @SDS
I just want to confirm the current situations.
Please feel free to let us know if you need further assistance.

Best Regards,
Daisy Zhou

1 answer

Vadims Podāns 8,396 Reputation points MVP

2021-03-17T17:39:01.643+00:00

Do I have to renew the CA certificate?

no, you don't need.

What happens if I do not renew the CA certificate?

nothing

Do I have to use "renew with new key"?

in future, never renew CA with same key. Always generate new key.
Please sign in to rate this answer.

1 person found this answer helpful.

No comments
Sign in to comment

Activity