The options for the CertEnroll engine list Hash Algorithm as SHA2 (sha-256 specifically), but when I export the root certificate to the desktop (or trust it), the generated CA self-signed certificate has a signature algorithm of sha1. Is there something I need to do to support SHA 2 intercepted traffic?