I have just stood up a 2 tier 2012 CA environment using web enrollment services. I can request certs through enrollment services for 2008 and 2012 servers (domain joined and non-domain joined) without issue. Now i have to figure out how to configure things so 2003 servers can request certs using sha256.
-I have the capolicy.inf set to "AlternateSignatureAlgorithm=0" on the subordinate CA.
-I have compatibility of the cert set to 2008 (so i can choose cryptography of RSA with ShA256)
-I have installed the KB 968730 hot fix on the 2003 server
When i try and request a cert from the cert snap-in on the 2003 server, the 2012 CA does not show up nor does the SHA256 template. Is there a way to configure a version 2 template to support SHA256? Or, how do i configure things so the 2003 server can use a V3 template?
thanks