This article shows how to install Certificate Services with SHA-256 (a.k.a. SHA-2) on Server 2012 R2. Please refer to the Microsoft article for more about SHA-256.

Open Server Manager -> click on Add Roles and Features

Click on Next

Select Role-based or feature-based installation and click on Next

Click on Next

Select Active Directory Certificate Services

Click on Next

Click on Next

Select Certification Authority and Certification Authority Web Enrollment

Click on Next

Click on Next without changing anything; the role services required for IIS are all selected by default

Click on Next

Click on Configure Active Directory Certificate Services on the destination server

Select administrator and click on Next

Select Certification Authority and Certification Authority Web Enrollment

Select Enterprise CA and click on Next

Click on Root CA

Select Create a new private key

Select Key Length 4096 and select SHA256 as the hash algorithm

Specify the common name for this CA and click on Next

Specify the validity period and click on Next

Change the CA database locations if you're planning to move them to another location. Since I am installing in a test lab, I have left the defaults, but it is always good to keep the database in a different location.

The installation is successful. Click on Close

Open Certification Authority and click on Properties

You can see the Hash Algorithm is SHA256

To verify from PowerShell, run the command below:

Certutil -Getreg CA\CSP\CNGHashAlgorithm
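
The wizard steps above can also be scripted and checked afterwards. The following is an added example, not part of the original walkthrough; the CA common name, the validity period and the key storage provider (the wizard default) are assumed values.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated session with an account allowed to install an Enterprise CA.
# Assumed values, not from the article: CA common name and validity period.
$caName        = 'Lab-Root-CA'   # placeholder common name
$validityYears = 10              # placeholder validity period

# Role services chosen in the wizard: Certification Authority + Web Enrollment.
Install-WindowsFeature ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Enterprise Root CA, new 4096-bit private key, SHA256 hash, default database paths.
# The provider below is the wizard default (assumption; the article does not name it).
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 `
    -HashAlgorithmName SHA256 `
    -CACommonName $caName `
    -ValidityPeriod Years -ValidityPeriodUnits $validityYears `
    -Force
Install-AdcsWebEnrollment -Force

# Check 1: hash algorithm the CA uses when signing issued certificates and CRLs.
$reg = certutil -getreg CA\CSP\CNGHashAlgorithm | Out-String
if ($reg -notmatch 'CNGHashAlgorithm\s+REG_SZ\s+=\s+SHA256') {
    throw "CA is not configured for SHA256:`n$reg"
}

# Check 2: signature algorithm on the CA's own certificate (newest one if renewed).
$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
if (-not $caCert) { throw "CA certificate for '$caName' not found" }
$sigAlg = $caCert.SignatureAlgorithm.FriendlyName
if ($sigAlg -ne 'sha256RSA') {
    throw "CA certificate is signed with $sigAlg, expected sha256RSA"
}

"OK: $caName is configured for SHA256 and its certificate is signed with $sigAlg"
```

The two checks are separate on purpose: the registry value controls what the CA signs from now on, while the CA certificate keeps the signature algorithm it was created with.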
