1. vg@axa-ukraine.com' Vitaliy

    Thank you for post. It’s very helpful for us.

    Can you tell me if we have to renew all issued certificates by Subordinate CA?
    We are going to update only Subordinate CA.


    • No.. Issued Certificates can not be renewed again with SHA-256.. If that is the case, We need to reissue the certificates from the SUBCA

      • vitaliy.girenko@axa-ukraine.com' Vitaliy

        Thank you for answer.
        I mean something another.
        If we update only subordinate CA, all the certificates issued starts to be expired?
        Root CA staing without changes.


        • SUBCA Will get an option to issue SHA-2 Certificates with ROOTCA SHA1 Certificates..all the issued certificates are still valid. wherein SUBCA will get new certificate once Hash value changed from SHA-1 to SHA-256. post that SUBCA will start issuing the Certificate in SHA-256 as well.all the machines will get the certificates with SHA-256 once the existing SHA-1 Certificates coming for renewal. Hope it clarifies..

  2. ansar.vma@gmail.com' Ansar

    After upgrading the algorithm to SHA2, what will happen to the existing issued certificates? Do we need to renew all certificates to SHA2 immediatly or the certificate will get renew to SHA2 on next renewal?


    • No.. The certificates will continue to valid as long as the certificates are valid.. You can renew if you need with SHA2 or you can renew when again it is expiring the certificate.


Leave a Reply

Your email address will not be published. Required fields are marked *