R
ritchie1230@gmail.com
Hello,
I recently installed a certification authority (windows server 2003 R2
SP2) consisting of a standalone root ca and one enterprise subordinate
issuing ca.
I installed the root ca with a private/public key length of RSA 4096
bits and would like to change it to RSA 2048 bits.
I understand that I could change it by changing the value in the
CAPolicy.inf RenewalKeyLength=2048 (from 4096) and performing a
renewal the root ca.
I would like to know if this can be achieved by renewing the root ca
with the same key, or do I have to choose a new key.
Secondly, if I need to choose a new key, do I have to renew my issuing
certification authority and request a new certificate from the root.
Thanks,
I recently installed a certification authority (windows server 2003 R2
SP2) consisting of a standalone root ca and one enterprise subordinate
issuing ca.
I installed the root ca with a private/public key length of RSA 4096
bits and would like to change it to RSA 2048 bits.
I understand that I could change it by changing the value in the
CAPolicy.inf RenewalKeyLength=2048 (from 4096) and performing a
renewal the root ca.
I would like to know if this can be achieved by renewing the root ca
with the same key, or do I have to choose a new key.
Secondly, if I need to choose a new key, do I have to renew my issuing
certification authority and request a new certificate from the root.
Thanks,