Generate new self-signed CA for Windows 2012 CA
Solution 1:
Actually, you don't need to remove CA role or start over. You can simply renew CA certificate with new key pair. Before this procedure you need to make the following changes on CA server:
certutil -setreg ca\csp\cnghashalgorithm sha256
net stop certsvc && net start certsvc
and renew CA certificate. During prompt select to generate a new key pair.