Yes @jsha, the error was coming from the server.
You are right, @petercooperjr !
I forgot to update the part of the CSR that specifies which hash method was used!
To resolve the case, besides changing sha1 to sha256, I also changed the following line of my code:
FROM:
iRet=oASNAlgId.AppendOid("1.2.840.113549.1.1.5")
TO:
iRet=oASNAlgId.AppendOid("1.2.840.113549.1.1.11")
The first line above is the SHA1 algorithm identifier.
The second is the SHA256 algorithm identifier.
Reference: https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/ns-wincrypt-crypt_algorithm_identifier
Thank you both for the answers! You saved my day!