Does anyone know if having the offline root and subCA cert installed into the Trusted Root Authority store on a Windows Server 2003 server without the hotfixes, KB938397 & KB968730 installed, will it cause any issues? I know they won't be able to request SHA256 signed certs from the issuing CA but i want to deploy the Root certs via GPO to all workstations and servers but don't want to cause any issues. I will be deploying the hotfixes eventually but only have a few windows 2003, the majority of our systems are on newer OS and I don't want to hold up others from being able to sign and trust SHA2. Also, the hotfixes say for Windows Server 2003 SP2 but doesn't specify R2, does R2 need the hotfixes to support SHA2 or does it support without a hotfix?

Thanks, any guidence is appreciated!

Kyle

Hi,

>>Also, the hotfixes say for Windows Server 2003 SP2 but doesn't specify R2, does R2 need the hotfixes to support SHA2 or does it support without a hotfix?

We need to install these updates to let Windows Server 2003 support SHA2.

I have tested these two updates on my Windows Server 2003 R2. It works for me.

Best Regards.