
This article shows how to install Certificate Services with SHA-256 (commonly referred to as SHA-2, the hash family it belongs to) on Server 2012 R2. Please refer to the Microsoft article for more about SHA-256.
Open Server Manager and click on Add Roles and Features

Click on Next

Select Role-based or feature-based installation and click on Next

Click on Next

Select Active Directory Certificate Services

Click on Next

Click on Next

Select Certificate Authority and Certificate Authority Web Enrollment

Click on Next

Click on Next without changing anything; everything required for IIS is already selected by default

Click on Next

Click on Configure Active Directory Certificate Services on the destination server

Select administrator and click on Next

Select Certificate Authority and Certificate Authority Web Enrollment

Select Enterprise CA and click on Next

Click on Root CA

Select Create a new private key

Select Key Length 4096 and select SHA256 as the hash algorithm

Specify the Common name for this CA and click on Next

Specify the validity Period and click Next

Change the CA database locations if you are planning to move them to another location. Since I am installing in a test lab, I have left the defaults, but it is always good to keep the database in a different location.

The installation is successful. Click on Close

Open Certificate Authority and click on Properties

You can see that the Hash Algorithm is SHA256

To verify from PowerShell, run the command below
Certutil -Getreg CA\CSP\CNGHashAlgorithm
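
The wizard steps above can also be scripted and the result checked automatically. The following PowerShell is an added example, not part of the original article; the CA common name and the 10-year validity period are placeholder assumptions, and it assumes a simple CA name so that the registry key name matches the common name.

```powershell
# Added example (not from the article). Run elevated on the future CA server.
# Placeholder assumptions: CA common name and 10-year validity.
$caName = 'Lab-Root-CA'

# Role services chosen in the wizard: CA + CA Web Enrollment
Install-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Enterprise Root CA with a new 4096-bit key and SHA256
$ca = @{
    CAType              = 'EnterpriseRootCA'
    CACommonName        = $caName
    CryptoProviderName  = 'RSA#Microsoft Software Key Storage Provider'
    KeyLength           = 4096
    HashAlgorithmName   = 'SHA256'
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = 10
    # DatabaseDirectory / LogDirectory can be added here to keep the CA
    # database off the default location, as the article recommends.
}
Install-AdcsCertificationAuthority @ca -Force
Install-AdcsWebEnrollment -Force

function Test-CaHashAlgorithm {
    param([string]$CaName, [string]$Expected = 'SHA256')
    # Same value that "certutil -getreg CA\CSP\CNGHashAlgorithm" prints
    $cfg  = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    $hash = (Get-ItemProperty -Path "$cfg\$CaName\CSP").CNGHashAlgorithm
    # The CA certificate itself, from the local machine Personal store
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "CN=$CaName*" } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
    if (-not $cert) { throw "No CA certificate found for $CaName" }
    $result = [pscustomobject]@{
        RegistryHash = $hash
        CertSigAlg   = $cert.SignatureAlgorithm.FriendlyName
        KeySize      = $cert.PublicKey.Key.KeySize
    }
    # Warn if either the configured hash or the CA certificate's own
    # signature does not use the expected algorithm.
    if ($hash -ne $Expected -or $result.CertSigAlg -notmatch $Expected) {
        Write-Warning "CA is not signing with $Expected"
    }
    $result
}

Test-CaHashAlgorithm -CaName $caName
```

The registry value controls what the CA uses to sign certificates it issues, while the certificate check confirms the CA's own certificate was signed with the same algorithm and carries the 4096-bit key.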
