SHA1 CA

We have a SHA1 infrastructure and we are wondering whether converting the SHA1 CA to a SHA2 CA is doable, or whether a SHA1 CA can issue SHA2 certificates. The OS is 2008 R2; we have one offline root and one issuing CA.

Thanks,

Lori

July 7th, 2011 7:16pm

You can configure a CA server to sign all requests by using SHA2 algorithms:

certutil -setreg ca\csp\CNGHashAlgorithm SHA256
net stop certsvc && net start certsvc

However, this will cause *all* certificate requests to be signed with the specified algorithm.

July 7th, 2011 7:40pm
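
A way to confirm the change took effect, as an added example that is not part of the thread: the first function reads the value the `certutil -setreg` command above writes, and the second reports the signature algorithm of certificates in a store, so a certificate enrolled after the service restart can be checked. The function names are hypothetical and the registry path is assumed to be the standard AD CS location; the setting applies only to what the CA signs after the restart, so certificates issued earlier keep their SHA1 signature.

```powershell
# Added example, not from the thread. Written to run on PowerShell 2.0 (Server 2008 R2).

# Run elevated on the issuing CA: shows what the CA will use for new signatures.
function Get-CaSigningConfig {
    # Assumption: standard AD CS layout, the key that "certutil -setreg ca\csp\..." edits.
    $cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $caName = (Get-ItemProperty -Path $cfg -Name Active).Active   # active CA name
    $csp    = Get-ItemProperty -Path (Join-Path $cfg "$caName\CSP")
    New-Object PSObject -Property @{
        CA               = $caName
        Provider         = $csp.Provider          # provider holding the CA key
        CNGHashAlgorithm = $csp.CNGHashAlgorithm  # e.g. SHA1 before, SHA256 after
    }
}

# Run on any machine that enrolled a certificate: lists signature algorithms,
# newest first, and flags SHA1-based signatures.
function Get-CertSignatureReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')
    # sha1WithRSAEncryption and ecdsa-with-SHA1
    $sha1Oids = @('1.2.840.113549.1.1.5', '1.2.840.10045.4.1')
    Get-ChildItem -Path $StorePath | ForEach-Object {
        New-Object PSObject -Property @{
            Subject   = $_.Subject
            Issuer    = $_.Issuer
            NotBefore = $_.NotBefore
            SigAlg    = $_.SignatureAlgorithm.FriendlyName   # e.g. sha256RSA
            IsSha1    = ($sha1Oids -contains $_.SignatureAlgorithm.Value)
        }
    } | Sort-Object NotBefore -Descending
}

Get-CaSigningConfig | Format-List CA, Provider, CNGHashAlgorithm
Get-CertSignatureReport | Format-Table NotBefore, SigAlg, IsSha1, Subject -AutoSize
```

Certificates with a `NotBefore` later than the service restart should show `IsSha1` as `False`; older ones remain SHA1-signed until they are reissued.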

Please check this blog post about how this is done:

http://ammarhasayen.com/2015/02/02/pki-certificate-services-sha-1-deprecation/

February 18th, 2015 3:05am

Please check this blog post about how this is done:

http://ammarhasayen.com/2015/02/02/pki-certificate-services-sha-1-deprec

February 18th, 2015 5:47am

On Wed, 18 Feb 2015 10:45:00 +0000, Vadims Podans [MVP] wrote:

Please stop spamming on threads answered 4 years ago. We do believe that you have a great whitepaper, but the way you promote it looks like spamming.

In addition, it contains nothing about how to set up a parallel PKI to
support SHA2, nor does it contain instructions on how to change the signing
algorithm from SHA1 to

February 18th, 2015 6:05am
