Monday, 1 December 2014

PKI - Security concerns when changing a certificate hash algorithm



Suppose I want to change the hash algorithm used for a certificate signature (e.g. SHA1 to SHA2).


Is it better to revoke the previous certificate and issue a new one with the expected hash algorithm? Or is it possible to just push a new CSR with the same To-Be-Signed certificate, but expecting another algorithm to be used? What about Root or intermediate CA?


I guess that even if it is feasible, there may be security issues around it. Are there best practices concerning this particular case?




