Free Webinar
October 11 | 11am PT / 2pm ET
Learn how to build an IT infrastructure of your dream
with Dell EMC PowerEdge 14G servers
Speaker: Ivan Talaichuk, Pre-Sales Engineer, StarWind
Posted by Didier Van Hoye on February 14, 2017
Upgrade your CA to SKP & SHA256. Part III: Move from SHA1 to SHA256

We’re not done yet. In part II we moved from the older CSP provider to a KSP provider but now we want to start issuing certs with a SHA256 hash. That’s what we’ll do here in part III. The final step is that we move from SHA1 to SHA256 and tell the CA to work with the KSP. This is a tedious job that involves creating registry files in order to change the existing registry keys we already backed up before.

Learn More

Posted by Didier Van Hoye on February 3, 2017
Upgrade your CA to SKP & SHA256. Part II: Move from a CSP to KSP provider

Once you have moved to a least Windows Server 2008 R2 you can take this step. Any version below doesn’t allow for this and should be considered the end of life. Many haven’t made the move from a CSP to KSP provider yet, even when they are already running Windows Server 2012 or 2012 R2 for a few reasons. There were some issues with older clients like Windows Server 2003 and Windows XP. These were fixed with a hotfix but in all seriousness, if you’re still on those OS versions you need to move a.s.a.p. and if not there’s nothing we can do to help you. A modern and secure PKI will be the last of your worries I’m afraid. For a Microsoft reference, see Migrating a Certification Authority Key from a Cryptographic Service Provider (CSP) to a Key Storage Provider (KSP).

Learn More