In 3 tier PKI hierarchy to renew IntCA cert
New CeRT/CrOSS CeRT
Will this create cross-sign certificates(0-1, 1-0) for SubCA, in addition to the new cert on IntermediateCA under CertSrv >> CertEnroll folder ?
if yes then do this need to publish ""certutil -f -dspublish" the new Cert and cross-sign certificate.
For new CRL, do this need to be published
Coping the new CRL to CDP will replace the old CRL ? as the existing certificate is still referring to the old CRL file ...