Changing signature algorithm for CSR generation on Plesk

Hi Webhosters!

If you are running a Plesk, commercially, for fun or whatever other reason, this information might be for you.

When you want to order a certificate from a CA, there are now several CA’s that stop taking orders from CSRs that are using SHA1 as signature algorithm. Google also wants to accelerate the end of SHA1 by stopping marking a connection as secure if a certificate is used that is signed with SHA1. You can read more about that here.

Sadly, Plesk generates the CSR with SHA1 by default.

Plesk on Linux

You can edit the defaults used when generating a CSR. For this, edit the file “/usr/local/psa/admin/conf/openssl.cnf” and add “default_md = sha512” at the end of the [ req ] section:

[ req ]
default_md = sha512

Plesk on Windows

You can edit the same file which is located at “%plesk_dir%\admin\conf\openssl.cnf“.


Hope this could help a little!

Leave a Reply

Your email address will not be published. Required fields are marked *