From 6cd020755d20f5104d8e3f72b513babeb454f11f Mon Sep 17 00:00:00 2001
From: VLG17 <41186174+VLG17@users.noreply.github.com>
Date: Tue, 28 Jan 2020 12:09:34 +0200
Subject: [PATCH] Note about request hash vs certificate hash.

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/5657
---
 .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
index 41d11386b2..bbe8176263 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
@@ -55,6 +55,9 @@ Sign-in a certificate authority or management workstations with _Domain Admin_ e
 7. On the **Cryptography** tab, select **Key Storage Provider** from the **Provider Category** list.  Select **RSA** from the **Algorithm name** list.  Type **2048** in the **Minimum key size** text box.  Select **SHA256** from the **Request hash** list.  Click **OK**. 
 8. Close the console.
 
+>[!NOTE]
+>Don't confuse the **Request hash** algorithm with the hash argorithm of the certificate.
+
 #### Configure Certificate Superseding for the Domain Controller Authentication (Kerberos) Certificate Template
 
 Many domain controllers may have an existing domain controller certificate.  The Active Directory Certificate Services provides a default certificate template for domain controllers--the domain controller certificate template.  Later releases provided a new certificate template--the domain controller authentication certificate template.  These certificate templates were provided prior to update of the Kerberos specification that stated Key Distribution Centers (KDCs) performing certificate authentication needed to include the **KDC Authentication** extension.