Hi I had a sha1 signed CA and I issued other identity and CA certificates from this CA. With the deprecation of sha1 coming, I resigned my original CA (self signed) as sha512, with the same creation and expiry dates. I believe the only thing changed was the signature and serial number. But when I go to verify older certs that were signed by the original CA (the sha1 signed one), they are no longer valid. I thought if I used the same private and public key I should be okay. I thought the only relevant issue was the issuer field and that the CA keys where the same . Was I wrong. Alex
