how about starting to weight the Signature algorithm SHA1 vs SHA256withRSA
SHA-1 is acceptable for digital signature generation through December 31, 2010.
From January 1, 2011 through December 31, 2013, the use of SHA-1 is deprecated for digital signature generation.
The user must accept risk when SHA-1 is used, particularly when approaching the December 31, 2013 upper limit.
This is especially critical for digital signatures on data for which the signature is required to be valid beyond this date.
See Section 5.6.2 of [SP 800-57] for further guidance.
SHA-1 shall not be used for digital signature generation after December 31, 2013.
And even XP (SP3) supports SHA256 already.