Matt L.'s questions

Our company is being acquired by another company and we are curious on the requirements needed to create a cross-certification / bridge CA solution.

Cross-Certification is issuing a Cross Certification Auth. certificate to the root CA of Fabrikam from Contoso's Issuing CA.

"The effect of this Cross Certification Authority certificate is that the Fabrikam Root CA appears as a subordinate CA of the Contoso Issuing CA when the certificate is presented to a computer at Fabrikam."

Is there a preferred method and why?

SHA1 Migration - Internal CAs Upgrade Requirement

A lot of internet blogs are stating that if a SHA1 certificate is not upgraded by Jan. 1st 2017, the SSL certificate will be rejected by most sites. Now from what I understand is that this will NOT affect your internal CAs issuing certificates unless your browser shows an alert aka. Chrome. So is the upgrade time a hard deadline for organizations or is it just external SSL certificates for Bank Of America or Entrust.

Thanks

PKI SHA1 Upgrade - What is the difference between the Signature Algorithm and the Thumbprint Algorithm?

I am a little new to AD CS and I was tasked with upgrading our entire PKI infrastructure from SHA1 to SHA256 for the SHA1 deprecation. I have read somewhere that SHA256 can read SHA1 hashes. This doesn't seem right to me so I was curious if anyone has had any experience with migrating from SHA1 to SHA256, it would be much appreciated. Listed below are the articles I have found below.

Thank you very much!