Hello!

We have a infrastructure of routers running S2S between then that use windows PKI for authentification. The windows root CA had its certificate renewed, and now we are wondering what is the best way to get the new root CA certificates to routers without droping S2S connections? Will running authentificate to the existing trustpoint reset the VPN connections or will it just install the new root CA without deleting the old one? Is it better to create a new trustpoint? 

TY and BR