![](https://windowstechpro.com/wp-content/uploads/2024/10/0a0d80_85e1b4547bab42dd97cad3a3df55638fmv2.webp)
In this article, How to Install Certificate Services with SHA-256 a.k.a SHA-2 in Server 2012 R2. Please refer Microsoft Article for more about SHA-256.
Open Server Manager–> click on Add Roles and features
![1](https://static.wixstatic.com/media/0a0d80_85e1b4547bab42dd97cad3a3df55638f~mv2.png/v1/fill/w_814,h_315,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/0a0d80_85e1b4547bab42dd97cad3a3df55638f~mv2.png)
Click on Next
![2](https://static.wixstatic.com/media/0a0d80_b176e9d7c39d40f493abd6c2416c4406~mv2.png/v1/fill/w_806,h_572,al_c,q_90,enc_auto/0a0d80_b176e9d7c39d40f493abd6c2416c4406~mv2.png)
Select Role-based or feature-based installation and click on Next
![3](https://static.wixstatic.com/media/0a0d80_dd1c42be784f4e1380b618f37d264583~mv2.png/v1/fill/w_804,h_571,al_c,q_90,enc_auto/0a0d80_dd1c42be784f4e1380b618f37d264583~mv2.png)
Click on Next
![4](https://static.wixstatic.com/media/0a0d80_68e4fd3a7b6e41998f5d389d8cf33bcd~mv2.png/v1/fill/w_805,h_569,al_c,q_90,enc_auto/0a0d80_68e4fd3a7b6e41998f5d389d8cf33bcd~mv2.png)
Select on Active Directory Certificate Services
![5](https://static.wixstatic.com/media/0a0d80_b6710fed6c154d1eba4a526dcceaac0c~mv2.png/v1/fill/w_799,h_570,al_c,q_90,enc_auto/0a0d80_b6710fed6c154d1eba4a526dcceaac0c~mv2.png)
Click on Next
![6](https://static.wixstatic.com/media/0a0d80_53e48e095cac478498d1f7138edcef4a~mv2.png/v1/fill/w_802,h_567,al_c,q_90,enc_auto/0a0d80_53e48e095cac478498d1f7138edcef4a~mv2.png)
Click on Next
![7](https://static.wixstatic.com/media/0a0d80_a9a60e914bec49b28dac14b680d0b6e2~mv2.png/v1/fill/w_804,h_575,al_c,q_90,enc_auto/0a0d80_a9a60e914bec49b28dac14b680d0b6e2~mv2.png)
Select Certificate Authority and Certificate Authority Web Enrollment
![8](https://static.wixstatic.com/media/0a0d80_57818ea14181423188019ccf8ff0900b~mv2.png/v1/fill/w_799,h_573,al_c,q_90,enc_auto/0a0d80_57818ea14181423188019ccf8ff0900b~mv2.png)
Click on Next
![9](https://static.wixstatic.com/media/0a0d80_03788a81f99c43d59c00c29615768c89~mv2.png/v1/fill/w_801,h_573,al_c,q_90,enc_auto/0a0d80_03788a81f99c43d59c00c29615768c89~mv2.png)
Click on Next without changing anything as it is all selected by default which required for IIS
![10](https://static.wixstatic.com/media/0a0d80_272e1999b3c34cfe9192ffb045316b20~mv2.png/v1/fill/w_801,h_567,al_c,q_90,enc_auto/0a0d80_272e1999b3c34cfe9192ffb045316b20~mv2.png)
Click on Next
![11](https://static.wixstatic.com/media/0a0d80_5530de3ff3dc4be99cd483e9693b0a6d~mv2.png/v1/fill/w_803,h_570,al_c,q_90,enc_auto/0a0d80_5530de3ff3dc4be99cd483e9693b0a6d~mv2.png)
Click on Configure Active Directory Certificate Services on the destination server
![13](https://static.wixstatic.com/media/0a0d80_6d84d0598b564ec58d9a13d13273b112~mv2.png/v1/fill/w_800,h_569,al_c,q_90,enc_auto/0a0d80_6d84d0598b564ec58d9a13d13273b112~mv2.png)
Select administrator and Click on Next
![14](https://static.wixstatic.com/media/0a0d80_1b0a49ffa40c42d3899f129e3717196c~mv2.png/v1/fill/w_775,h_575,al_c,q_90,enc_auto/0a0d80_1b0a49ffa40c42d3899f129e3717196c~mv2.png)
Select Certificate Authority and Certificate Authority Web Enrollment
![15](https://static.wixstatic.com/media/0a0d80_89dd39a299dc422fa8890d69f361af3e~mv2.png/v1/fill/w_779,h_572,al_c,q_90,enc_auto/0a0d80_89dd39a299dc422fa8890d69f361af3e~mv2.png)
Select Enterprise CA and Click on Next
![16](https://static.wixstatic.com/media/0a0d80_fd12a13b5c214c5b8a848baf3a3cc007~mv2.png/v1/fill/w_780,h_570,al_c,q_90,enc_auto/0a0d80_fd12a13b5c214c5b8a848baf3a3cc007~mv2.png)
Click on Root CA
![17](https://static.wixstatic.com/media/0a0d80_b79c9b697c1d4e4bbff195534056a01e~mv2.png/v1/fill/w_776,h_572,al_c,q_90,enc_auto/0a0d80_b79c9b697c1d4e4bbff195534056a01e~mv2.png)
Select on Create a new private key
![18](https://static.wixstatic.com/media/0a0d80_5badc68d56f94128ad0d8fa138242be8~mv2.png/v1/fill/w_777,h_573,al_c,q_90,enc_auto/0a0d80_5badc68d56f94128ad0d8fa138242be8~mv2.png)
Select Key Length 4096 Select SHA256
![19](https://static.wixstatic.com/media/0a0d80_0d2bfec8d4f2447c833e89f7b7f59b0e~mv2.png/v1/fill/w_776,h_572,al_c,q_90,enc_auto/0a0d80_0d2bfec8d4f2447c833e89f7b7f59b0e~mv2.png)
Select Common name for this CA and Click on Next
![20](https://static.wixstatic.com/media/0a0d80_e8d1a240a00a47b2b80d6cc09beb2c77~mv2.png/v1/fill/w_779,h_573,al_c,q_90,enc_auto/0a0d80_e8d1a240a00a47b2b80d6cc09beb2c77~mv2.png)
Specify the validity Period and click Next
![21](https://static.wixstatic.com/media/0a0d80_cbaa4656d8f245efa64e58ba47ec11cb~mv2.png/v1/fill/w_779,h_573,al_c,q_90,enc_auto/0a0d80_cbaa4656d8f245efa64e58ba47ec11cb~mv2.png)
Change the CA database locations if you’re planning to change it to another location. since I am installation in Test Lab, I have left with default. but it is always good to keep it different location.
![23](https://static.wixstatic.com/media/0a0d80_a4cd8044fc024311bf7b0558988d8c74~mv2.png/v1/fill/w_777,h_567,al_c,q_90,enc_auto/0a0d80_a4cd8044fc024311bf7b0558988d8c74~mv2.png)
so installation is successful. Click on Close
![24](https://static.wixstatic.com/media/0a0d80_dff0e4530ec54e888d0addc70202cfc5~mv2.png/v1/fill/w_781,h_573,al_c,q_90,enc_auto/0a0d80_dff0e4530ec54e888d0addc70202cfc5~mv2.png)
open Certificate Authority and Click on Properties
![25](https://static.wixstatic.com/media/0a0d80_3dc7812af14d43b3ae4b4da3ad581076~mv2.png/v1/fill/w_770,h_537,al_c,q_90,enc_auto/0a0d80_3dc7812af14d43b3ae4b4da3ad581076~mv2.png)
you can see the Hash Algorithm is SHA256
![26](https://static.wixstatic.com/media/0a0d80_cf124560f0ed4d1a83b88b288b7d9c61~mv2.png/v1/fill/w_774,h_553,al_c,q_90,enc_auto/0a0d80_cf124560f0ed4d1a83b88b288b7d9c61~mv2.png)
To verify from Powershell, Run the below command
Certutil -Getreg CA\CSP\CNGHashAlgorithm
![27](https://static.wixstatic.com/media/0a0d80_64790808697842e2b55279d81b0a1452~mv2.png/v1/fill/w_814,h_157,al_c,q_85,usm_0.66_1.00_0.01,enc_auto/0a0d80_64790808697842e2b55279d81b0a1452~mv2.png)