Hi,
We currently have DA running on Windows 2012 R2 using a SHA1 CA. We've deployed a new SHA256 CA running on Windows 2016. Currently, both CAs are running side by side, with the SHA1 being the primary CA for the organisation, .e.g it's been used by GPOs to auto enroll computer certificates and it's used by the DA server. Both CAs are trusted by the organisation.
We're now in a position to migrate over to the new SHA256 CA, what's the best way to do this without interrupting the current DA service for clients?
Thanks