2012 R2 Certificate Authority was migrated from 2003 limited to 1024 RRS feed

  • Question

  • Hello 

    We're having issues with Certificate Authority that was migrated from 2003 to 2012 R2.  The certificates seem to be limited to 1024 bits and some new web API services require greater than 1024. 

    We 'barely' use the CA, only for a couple of servers and Wi-Fi so I am wondering my best option to proceed:

    1) Upgrade from 2012 R2 to 2019 and somehow upgrade the 1024 bit limit.  How would this work?

    2) Totally remove (decommission) the 2012 R2 Certificiate Authority and install a fresh new 2019 one ad re-issue any certs.  What would be the gotchas here?

    3) Totally remove (decommission) the CA and do not replace it internally.  Rely on 3rd party public certs.  Since we have so few services I'm struggling to see if we really 'need' the CA.  What would be the implications of having no internal CA on the domain, workstations, users etc?

    Many thanks


    Thursday, July 11, 2019 3:11 PM


All replies