How to Install Certificate Services with SHA-256 in Server 2012 R2

This article shows how to install Certificate Services with SHA-256 (a.k.a. SHA-2) in Server 2012 R2. Please refer to the Microsoft article for more about SHA-256.

Open Server Manager -> click on Add Roles and Features

Click on Next

Select Role-based or feature-based installation and click on Next

Click on Next

Select Active Directory Certificate Services

Click on Next

Click on Next

Select Certificate Authority and Certificate Authority Web Enrollment

Click on Next

Click on Next without changing anything, as everything required for IIS is selected by default

Click on Next

Click on Configure Active Directory Certificate Services on the destination server

Select administrator and click on Next

Select Certificate Authority and Certificate Authority Web Enrollment

Select Enterprise CA and click on Next

Click on Root CA

Select Create a new private key

Select Key Length 4096 and select SHA256

Select Common name for this CA and click on Next

Specify the validity period and click on Next

Change the CA database locations if you are planning to move them to another location. Since I am installing in a test lab, I have left the defaults, but it is always good to keep them in a different location.

The installation is successful. Click on Close

Open Certificate Authority and click on Properties

You can see that the Hash Algorithm is SHA256

To verify from PowerShell, run the command below:

Certutil -Getreg CA\CSP\CNGHashAlgorithm
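
The wizard steps above can also be scripted and verified in one pass. The following PowerShell is an added example, not part of the original article; the CA common name, validity period and key storage provider are assumed values, since the article does not state them.

```powershell
# Added example (not from the original article). Run elevated, as a member of
# Enterprise Admins, on the server that will host the CA.
$ErrorActionPreference = 'Stop'

# Assumed values: the article does not state the CA name, validity or provider.
$CaCommonName  = 'LAB-ROOT-CA'                                  # placeholder
$ValidityYears = 5                                              # placeholder
$Provider      = 'RSA#Microsoft Software Key Storage Provider'  # assumed (CNG)

# Role services chosen in the wizard: the CA itself and CA Web Enrollment.
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Enterprise Root CA with a new 4096-bit private key and SHA256 signatures.
$caParams = @{
    CAType              = 'EnterpriseRootCA'
    CryptoProviderName  = $Provider
    KeyLength           = 4096
    HashAlgorithmName   = 'SHA256'
    CACommonName        = $CaCommonName
    ValidityPeriod      = 'Years'
    ValidityPeriodUnits = $ValidityYears
}
Install-AdcsCertificationAuthority @caParams -Force
Install-AdcsWebEnrollment -Force

# Check 1: hash the CA uses for what it signs (the value certutil -getreg reads).
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$active = (Get-ItemProperty -Path $cfg).Active
$hash   = (Get-ItemProperty -Path "$cfg\$active\CSP").CNGHashAlgorithm

# Check 2: signature algorithm and key size of the CA certificate itself.
$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$CaCommonName*" } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1
$sigAlg  = $caCert.SignatureAlgorithm.FriendlyName
$keyBits = $caCert.PublicKey.Key.KeySize

if ($hash -ne 'SHA256' -or $sigAlg -notmatch 'sha256' -or $keyBits -ne 4096) {
    throw "Unexpected CA crypto settings: hash=$hash sig=$sigAlg key=$keyBits"
}
"CA '$active' signs with $hash; CA certificate uses $sigAlg, ${keyBits}-bit key"
```

The two checks are not redundant: the registry value governs what the CA signs from now on, while the CA certificate's own signature was fixed when it was issued.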
