Hi,
The hash was determined by the selection when install the CAs as following:
Based on my research, it can be configured to generate a SHA384 cert, but it will not only effect one cert, it will effect all the certs and CRLs the issue CA issues.
The hash chosen on the root CA determines how the Subordinate CA's certificate is signed;
During the Subordinate CA install, the hash algorithm you select under the Select the hash algorithm for signing certificates used by this CA determines how the certificates and CRLs issued by the Subordinate CA are signed.
It can be changed by the registry CNGEncryptionAlgorithm .
To use the certutil.exe command to set these values, use the following syntax:
certutil -setreg ca\csp\CNGHashAlgorithm <Hash Algorithm>
For example:
certutil -setreg ca\csp\CNGHashAlgorithm SHA384
Note: As with all changes , make sure you backup the settings before changing, and test thoroughly after the change.
For your reference:
https://social.technet.microsoft.com/wiki/contents/articles/31296.implementing-sha-2-in-active-directory-certificate-services.aspx
Best Regards,