Recently we upgraded signature of several our SSL certs from weak SHA1withRSA to SHA256withRSA
$ openssl req -text -noout -verify -in xyz.csr | grep Signature
Signature Algorithm: sha256WithRSAEncryption
However site still reports:
Signature algorithm SHA1withRSA WEAK
But it is definitelly loading correct certificate, because for example Valid until has changed correctly.
Is this know bug on the site, or problem within our SSL certificate supplier, or we did something wrong?
We used this command for KEY/CSR generation:
openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout xyz.key -out xyz.csr