On changing SCEP identity certificate's signing algorithm

We are using SCEP to distribute device identity certificates, and we are now planning to use SHA-2 family signing to replace SHA-1, which we are currently using for the certificate.

The question is that many devices already have the SHA-1 certificate installed.

I would like to know how the existing certificates will be affected. Will users need to re-enroll their devices? Or can we issue an update command (or something like that) and automatically replace the existing identity certificate?

Any help is appreciated. Thanks in advance.

There is 1 best solution below

Bin0li

You'll have to re-enroll all the devices that are using the old certificate.

Recently, I renewed the signing certificate for an MDM enrollment profile, for which I had to re-enroll the devices so that they use the profile with the new signing certificate.