There is two ways to create sha256(SHA-2) csr in windows.
I strongly advise to use OpenSSL. Because it’s easy and really good to manage this certificate life cycle. For example; If you need to create a SHA-2 CSR you just need to download OpenSSL binaries and then run these command sets.
#openssl req -out Casesup.csr -new -newkey rsa:2048 -nodes -keyout Casesup.key -sha256
Use Microsoft management console (mmc)
I will briefly describe how to generate SHA-2 csr on the Windows server with MMC. It’s really hard to add a screenshot but let’s keep it clear.
Open Microsoft Management Console
Type MMC to the run and click OK.
Click Add/Remove Snap-in…
Add Certificate snap to the Control Panel
Create a Custom Request from Advanced Operations
Right-click on the blank page then All Tasks>Advanced Operations > Create Custom Request
Click detail box then properties
Define your CSR information like OU, Organization, DNS, Email, etc.
If you need to define certificate’s extensions then check these boxes
I’ll pass these steps because I don’t need to define any extensions.
Define key size and hash algorithm
The last and most important step will be defined as private key options on this page. You need to define key size 2048 and hash algorithm to SHA-2.
Save the CSR file and click Finish