Channel: Directory Services forum

Update the validity period of a CA template programmatically to avoid upcoming Chrome security errors for SHA1.


I work for a company that is currently using SHA1 to sign SSL Certs. I have a web-based app which enrolls the SSL Certs to the CA server. The PKI infrastructure is supported by a different team from mine, and this team doesn't have a time frame to deliver a SHA2 infrastructure.

I'm looking for a way to mitigate this issue for the users using the web-based application. My goal is to develop a PowerShell script and run it on a daily basis to update the validity period for a specific template so that any request enrolled using that template expires before Dec 31st, 2016 and avoids the upcoming Chrome security errors for SHA1 certificates.

I'm testing the script and I have a minor issue with setting the expiration date, but beyond that I'd like to know your comments about this approach. I have heard that there are inherent inter-dependencies between various template attributes which are enforced via visual clues and complex logic from the template snap-in, so I wonder if the Certificate Templates MMC is the only supported way to edit a template and if that means that no (supported) programmatic interfaces exist.

P.S. The CA PKI Server is Windows 2008 R2 and runs in an intranet.

Thanks, 

