Here we can see my CA server is using SHA1

Note: If your server says the provider is Microsoft Strong Cryptographic Provider and not Microsoft Software Key Storage Provider then skip down a bit.

You may have multiple Certificates (that is not unusual).

Open a PowerShell Window (run as administrator), issue the following command;

certutil -setreg ca\csp\CNGHashAlgorithm SHA256

Restart Certificate Services.

net stop certsvc
net start certsvc

Now you need to generate a new CA certificate.

Now you can see your new cert is using SHA256.