If you are running a Plesk, commercially, for fun or whatever other reason, this information might be for you.
When you want to order a certificate from a CA, there are now several CA’s that stop taking orders from CSRs that are using SHA1 as signature algorithm. Google also wants to accelerate the end of SHA1 by stopping marking a connection as secure if a certificate is used that is signed with SHA1. You can read more about that here.
Sadly, Plesk generates the CSR with SHA1 by default.
Plesk on Linux
You can edit the defaults used when generating a CSR. For this, edit the file “/usr/local/psa/admin/conf/openssl.cnf” and add “default_md = sha512” at the end of the [ req ] section:
[ req ] attributes=req_attributes distinguished_name=req_distinguished_name default_md = sha512
Plesk on Windows
You can edit the same file which is located at “%plesk_dir%\admin\conf\openssl.cnf“.
Hope this could help a little!