4 Comments

  1. vg@axa-ukraine.com' Vitaliy

    Hi!
    Thank you for post. It’s very helpful for us.

    Can you tell me if we have to renew all issued certificates by Subordinate CA?
    We are going to update only Subordinate CA.

    Reply

    • No.. Issued Certificates can not be renewed again with SHA-256.. If that is the case, We need to reissue the certificates from the SUBCA

      Reply
      • vitaliy.girenko@axa-ukraine.com' Vitaliy

        Thank you for answer.
        I mean something another.
        If we update only subordinate CA, all the certificates issued starts to be expired?
        Root CA staing without changes.

        Reply

        • SUBCA Will get an option to issue SHA-2 Certificates with ROOTCA SHA1 Certificates..all the issued certificates are still valid. wherein SUBCA will get new certificate once Hash value changed from SHA-1 to SHA-256. post that SUBCA will start issuing the Certificate in SHA-256 as well.all the machines will get the certificates with SHA-256 once the existing SHA-1 Certificates coming for renewal. Hope it clarifies..

          Reply

Leave a Reply

Your email address will not be published. Required fields are marked *