Here we can see my CA server is using SHA1
Note: If your server says the provider is Microsoft Strong Cryptographic Provider and not Microsoft Software Key Storage Provider then skip down a bit.
You may have multiple Certificates (that is not unusual).
Open a PowerShell Window (run as administrator), issue the following command;
certutil -setreg ca\csp\CNGHashAlgorithm SHA256
Restart Certificate Services.
net stop certsvc net start certsvc
Now you need to generate a new CA certificate.
Now you can see your new cert is using SHA256.
