How to enable SHA2 Support on Windows 7


Starting in January of 2016, Microsoft started enforcing the requirement to use SHA2 in digital certificates, rather than the older SHA1 method which has been shown to have security vulnerabilities. SHA2 is a name for a set of hash algorithms that includes SHA256. SHA2 support is standard in Windows 8.1 and above as part of the move from CAPI to CNG.  However, it was not supported in Windows 7.

The Charismathics products that use the TPM on Windows 7 require support of SHA256. This requires the installation of the following 2 system installs.


If you are up to date on your Windows 7 SP1 updates, this should already be installed. 


This system install is not part of standard updates. It is a hotfix, and needs to be installed manually.
Download: 471834_intl_x64_zip.exe


Download Windows6.1-KB3020369-x64.msu.

Download 471834_intl_x64_zip.exe and run to extract the following update file: Windows6.1-KB2921916-x64.msu.
Copy the files to a directory, for example c:\tmp

Run the following command from an elevated command prompt:

wusa.exe c:\tmp\Windows6.1-KB2921916-x64.msu
wusa.exe c:\tmp\Windows6.1-KB2921916-x64.msu




Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk