Migrate CSP to KSP and SHA-2 - CA certificate renewal?

SDS 216 Reputation points
2021-03-17T15:34:52.04+00:00

Hello,

when the migration from CSP and SHA-1 to KSP and SHA-2 finished on a 1-tier-PKI, the CA signs new certificates and CRLs with SHA256.

Do I have to renew the CA certificate?
What happens if I do not renew the CA certificate?
Do I have to use "renew with new key"?

It would be nice if someone could explain his answers a little bit.

Thank you!

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,420 questions
{count} votes

1 answer

Sort by: Oldest
  1. Vadims Podāns 8,561 Reputation points MVP
    2021-03-17T17:39:01.643+00:00

    Do I have to renew the CA certificate?

    no, you don't need.

    What happens if I do not renew the CA certificate?

    nothing

    Do I have to use "renew with new key"?

    in future, never renew CA with same key. Always generate new key.

    1 person found this answer helpful.
    0 comments No comments