Hi,
You have to perform the following steps :
- Backup your PKI
- Upgrade the Hash of cryptographic provider to SHA 256 by running the following command : Certutil -setreg ca\csp\CNGHashAlgorithm SHA256
- Renew the root certificate to generate new one with SHA256
- Renew all certificate generated by this PKI using the sha1 algorithm.
You can follow my blog in french ( I will translate it to en soon) to get more details
mettre-niveau-de-lalgorithme-de-hachage.html
Please don't forget to mark this reply as answer if it help you to fix your issue