We have a Windows 2008 r2 Enterprise root CA + Two Sub CAs in our Domain. Configured automatic machine certificate enrollment for client machines and its found the client certificate is of SHA1 algorithm- Even though I configured SHA2 in Certificate auto enroll template.
1. Why client certificate are of SHA1 , even if I selected SHA2 option in certificate template.
2. Is this due to a limitation in CA infra?
3. How can I check if my CAs has capability to issue SHA2 certificates ?