What is the main problem of the renewal of a root CA certificate?

A.
It requires key recovery of all end user keys

B.
It requires the authentic distribution of the new root CA certificate to all PKI participants

C.
It requires the collection of the old root CA certificates from all the users

D.
It requires issuance of the new root CA certificate

Explanation:
Every entity (user, computer, application, network device) that has a certificate from a PKI trusts other entities
with certificates issued by the same PKI because they all trust the root Certificate Authority (CA). This trust isensured because every entity has a copy of the root CA’s public certificate.
If you want to change or renew the root CA certificate, to maintain the trust, the new certificate must be
distributed to every entity that has a certificate from the PKI.
Incorrect Answers:
A: Renewing a root CA certificate does not require key recovery of all end user keys.
C: Renewing a root CA certificate does not require the collection of the old root CA certificates from all the
users; the root certificates will just be invalid because they will be out-of-date.
D: Issuance of the new root CA certificate is not a problem; it is not a difficult procedure. The distribution of the
certificate to all PKI participants is more of a challenge.