Hi all,
Perhaps you can help me in with a problem I am facing right now.
Acutaly I am in the process of renewing a local PKI, because the old PKI is installed on old servers with a SHA1 key.
We would like to set up a new PKI on new machines with new keys. This means, we would have two Enterprise PKI at the same time within our AD Domain.
Our clients authenticate against our WiFi using machine certificates via a radius server. So far so good.
Do we have to set up a new radius server, or will the old one be able to trust both certificate authorities and authenticate our clients against the old and the new CA at the same time?
We would like to stop the autoenrollment on the old CA and enable it on the new one, and within 90 days, the old certificates will not be valid anymore. 90 days is the configured validity period for our computer certificates.
After 90 days, we would remove the old CA.
Is this a valid scenario?
Thanks for your help in advance!