How to Install Certificate Services with SHA-256 in Server 2012 R2

This article shows how to install Certificate Services with SHA-256 (a.k.a. SHA-2) in Server 2012 R2. Please refer to the Microsoft article for more about SHA-256.

Open Server Manager -> click on Add Roles and Features

Click on Next


Select Role-based or feature-based installation and click on Next


Click on Next


Select Active Directory Certificate Services

Click on Next


Click on Next


Select Certificate Authority and Certificate Authority Web Enrollment


Click on Next

Click on Next without changing anything; the role services required for IIS are all selected by default.

Click on Next


Click on Configure Active Directory Certificate Services on the destination server

Select administrator and click on Next

Select Certificate Authority and Certificate Authority Web Enrollment

Select Enterprise CA and click on Next

Click on Root CA


Select Create a new private key

Select Key Length 4096 and select SHA256 as the hash algorithm

Select the Common name for this CA and click on Next

Specify the validity Period and click Next 


Change the CA database locations if you're planning to move them to another location. Since I am installing in a test lab, I have left the defaults, but it is always good to keep them in a different location.

The installation is successful. Click on Close

Open Certificate Authority and click on Properties

You can see the Hash Algorithm is SHA256

To verify from PowerShell, run the command below:

Certutil -Getreg CA\CSP\CNGHashAlgorithm
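
The same installation scripted in PowerShell, followed by a check that fails if the CA is not signing with SHA256. This is an added example, not part of the original article. The CA common name, the validity period and the key storage provider are assumptions (the article does not state them), and the check reads the registry value that the certutil command above reports.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Run in an elevated session with the same administrator account the wizard uses.
$caCommonName  = 'EXAMPLE-LAB-ROOT-CA'   # placeholder, not from the article
$validityYears = 5                       # placeholder, not from the article

# Role services selected in the wizard: CA and CA Web Enrollment
Install-WindowsFeature -Name ADCS-Cert-Authority, ADCS-Web-Enrollment -IncludeManagementTools

# Enterprise Root CA, new private key, 4096-bit key, SHA256.
# The provider is an assumption: a CNG key storage provider is used here.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 `
    -HashAlgorithmName SHA256 `
    -CACommonName $caCommonName `
    -ValidityPeriod Years `
    -ValidityPeriodUnits $validityYears `
    -Force

Install-AdcsWebEnrollment -Force

# Verify: read the value behind "certutil -getreg CA\CSP\CNGHashAlgorithm"
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$active = (Get-ItemProperty -Path $cfg -Name Active).Active
$hash   = (Get-ItemProperty -Path "$cfg\$active\CSP" -Name CNGHashAlgorithm).CNGHashAlgorithm

if ($hash -ne 'SHA256') {
    throw "CA '$active' signs with $hash, expected SHA256"
}
"CA '$active' hash algorithm: $hash"
```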

