I have just started to look at the certificate manager fro migrating the ePO 5.9.1 server's root cert from SHA-1 to SHA-2. It states that you wait until you get close to 100% saturation before fulling activating.
It does not mention on how you deal with system images that already have a ePO agent in the image without the agent guid. We have a lot of IT groups that have created system images that they deploy to lab systems. These images have the current ePO agent in the image. What would be the impact of migrating to SHA-2 and how will it affect systems that get re-imaged.
Does the certificate manager create another ePO agent that has the SHA-2 certs in them? I am confused and trying to avoid a situation where images systems won't be able to talk back.