Generating SHA-2 certificate with ikeyman
Trying to move from SHA-1 SSL to SHA-2 SSL since SHA-1 certificates expiring as of Jan 2016. I am using ikeyman version 8.0.344 to generate a new SHA-2 cert. Couple of questions I have
I am generating kdb, and under Create new Key and cert request I have selected:
key Size: 2048,
Sig. Algorithm: SHA2WithRSA
Are these 2 values correct selections?
2.After created the cert. request, I viewed what I generated and seeing
Fingerprint (SHA1 Digest):
Signature Algorithm: SHA256withRSA
Does it matter if FingerPrint is SHA1?
Theoretically, the certificate can be forged. But, I am still researching so don't know if there is a known 'fix' or is this a non-issue for SSL security.
This question and ensuing discussion may shed some light - Is SHA-1 secure for password storage?