When a deployment with SHA-1 root certificate on primary instance is upgraded to SHA-256 without upgrading certificate on replica instance does this have any impact to replication or any other components of RSA deployment?
RSA AM Current Version: 8.4 P12
Yes. When you upgrade the built-in 'plumbing' certs on the primary, a primary-keystores.zip file is created that needs to be brought to each replica and a command can be run to install the new roots into the replica keystores. Otherwise, the instances won't trust each other.