VMware recommends the certificate authorities to generate certificate using SHA256 and also in SSO LB document they mentioned not to use SHA 1 signature algorithm for SSL certificate. Pls find the below steps to upgrade the CA to SHA256.
Before doing any changes to the CA take the backup of the CA repository and SUB CAs
Certuil -backup \\share\backup
Certuil -backup \\Share\subbackup
Upgrade Certification Authority to SHA256
Open the Windows Powershell.
Enter the command:
certutil -setreg ca\csp\CNGHashAlgorithm SHA256
Restart the service.
After the change CA will issue now SHA256 as Hash Algorithm and also we can renew CA to use SHA256.