We have a SHA1 Infrastructure and we are wondering if converting the SHA1 CA to a SHA2 CA is doable or can a SHA1 CA issue SHA2 certificates. The OS is 2008r2, we have one offline root and one issuing CA.
Thanks,
Lori
You can configure a CA server to sign all requests by using SHA2 algorithms:
certutil -setreg ca\csp\CNGHashAlgorithm SHA256
net stop certsvc && net start certsvc
However, this will cause *all* certificate requests to be signed with the specified algorithm.
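Added example, not part of the original thread: one way to confirm the setting took effect is to read the registry value back and check the signature algorithm on certificates issued after the service restart. The `$Cutover` and `$StorePath` parameters and the `Get-CertSignatureReport` function are hypothetical names introduced for illustration; the syntax is kept PowerShell 2.0 compatible for 2008 R2.

```powershell
# Added example, not from the thread. Assumptions: $Cutover is the time certsvc
# was restarted after the certutil -setreg change, and $StorePath holds
# certificates enrolled from this CA. Both names are hypothetical.
param(
    [datetime]$Cutover   = (Get-Date).AddDays(-1),   # placeholder: set to your restart time
    [string]  $StorePath = 'Cert:\LocalMachine\My'
)

# Signature algorithm OIDs that use SHA-1.
$Sha1SigOids = @(
    '1.2.840.113549.1.1.5',   # sha1RSA
    '1.2.840.10045.4.1',      # sha1ECDSA
    '1.2.840.10040.4.3'       # sha1DSA
)

function Get-CertSignatureReport {
    param([string]$Path, [datetime]$Since)
    Get-ChildItem -Path $Path |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $isSha1 = $Sha1SigOids -contains $_.SignatureAlgorithm.Value
            New-Object PSObject -Property @{
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                NotBefore  = $_.NotBefore
                SigAlg     = $_.SignatureAlgorithm.FriendlyName
                # True when a certificate issued after the cutover is still SHA-1 signed
                Unexpected = ($isSha1 -and $_.NotBefore -ge $Since)
            }
        }
}

# Read back the value set by the certutil -setreg command above (run on the CA).
certutil -getreg ca\csp\CNGHashAlgorithm

$report = @(Get-CertSignatureReport -Path $StorePath -Since $Cutover)
$report | Select-Object NotBefore, SigAlg, Unexpected, Subject | Format-Table -AutoSize

$bad = @($report | Where-Object { $_.Unexpected })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) certificate(s) issued after $Cutover still carry a SHA-1 signature."
}
```

Certificates issued before the restart, including the CA's own certificate, keep their original signature; only the `Unexpected` rows indicate the change did not apply.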
Please check this blog post about how this is done:
http://ammarhasayen.com/2015/02/02/pki-certificate-services-sha-1-deprecation/
On Wed, 18 Feb 2015 10:45:00 +0000, Vadims Podans [MVP] wrote:
Please stop spamming on threads answered 4 years ago. We do believe that you have a great whitepaper, but the way you promote it looks like spamming.
In addition, it contains nothing about how to set up a parallel PKI to
support SHA2, nor does it contain instructions on how to change the signing
algorithm from SHA1 to