Renew Root Certificate and Issuing Certificate
At some point there is a renewal of the certificate of the root CA and sub CA. The reasons can be different. Expired or compromised certificate. We assume that the root CA and the issuing CA each have the first certificate.
This is important when we go into versioning. The root CA is independent (offline) and the issuing CA is integrated into the domain.
The first look is in the direction of Root CA. The first certificate bears the number 0.