Browsers started to warn users about certificates with Sha1 signature. Sha256 is needed now a days.
So it’s time to renew certificates from Thawte, Godaddy, etc
You can generate a new Certificate Signing Request with openssl with this command:
openssl req -nodes -newkey rsa:2048 -keyout servername.key -out servername.csr -sha256
“servername.csr” is an ascii file you can send or paste to your certification authority’s interfaces.
Version: tested with OpenSSL 1.0.1e 11 Feb 2013 on Debian 7