This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 94%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hello,
when the migration from CSP and SHA-1 to KSP and SHA-2 finished on a 1-tier-PKI, the CA signs new certificates and CRLs with SHA256.
Do I have to renew the CA certificate?
What happens if I do not renew the CA certificate?
Do I have to use "renew with new key"?
It would be nice if someone could explain his answers a little bit.
Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hi @SDS
Hope the information provided by Crypt32 is helpful.
How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.
Best Regards,
Daisy Zhou
Hi @SDS
I just want to confirm the current situations.
Please feel free to let us know if you need further assistance.
Best Regards,
Daisy Zhou
Do I have to renew the CA certificate?
no, you don't need.
What happens if I do not renew the CA certificate?
nothing
Do I have to use "renew with new key"?
in future, never renew CA with same key. Always generate new key.