Description
Since version 3.0.0 (September 2021), OpenSSL by default discards certificates signed using SHA1, as techniques have been found to create collisions on SHA1 signatures.
In order to continue using SHA1-signed certificates, end users have to configure their OpenSSL installation to lower its security level, which will also allow other less-securely signed certificates to be validated by OpenSSL (this issue talks about it).
In XWiki, we use SHA1 with RSA to sign certificates with the crypto APIs by default. This task is about switching to a more robust hashing algorithm.
Looking at what is done outside, it seems that SHA256-signed certificates have become the norm, and are now used by Let's Encrypt.
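To illustrate the difference between the current default and the proposed one, the following added example (not XWiki code, and not using the XWiki crypto APIs) signs two constructed self-signed certificates with Bouncy Castle, one with SHA1withRSA and one with SHA256withRSA, and flags the SHA1-based one by its signature algorithm OID. The class name, helper names and the subject `CN=constructed-example` are assumptions; it requires Java 9+ and the Bouncy Castle `bcprov` and `bcpkix` jars on the classpath.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

// Hypothetical class name; illustrative only.
public class Sha1SignatureCheck {
    // Certificate signature algorithm OIDs that are built on SHA-1.
    private static final Set<String> SHA1_SIG_OIDS = Set.of(
        "1.2.840.113549.1.1.5",  // sha1WithRSAEncryption
        "1.2.840.10040.4.3",     // dsa-with-sha1
        "1.2.840.10045.4.1");    // ecdsa-with-SHA1

    // True when the certificate's own signature uses a SHA-1 based algorithm.
    static boolean isSha1Signed(X509Certificate cert) {
        return SHA1_SIG_OIDS.contains(cert.getSigAlgOID());
    }

    // Builds a constructed, self-signed test certificate valid for one day,
    // signed with the given JCA signature algorithm name.
    static X509Certificate selfSigned(KeyPair kp, String sigAlg) throws Exception {
        X500Name name = new X500Name("CN=constructed-example");
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 24L * 60 * 60 * 1000);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
            name, BigInteger.ONE, notBefore, notAfter, name, kp.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder(sigAlg).build(kp.getPrivate());
        return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Same key pair, two signature algorithms: the weak default and the replacement.
        for (String alg : new String[] {"SHA1withRSA", "SHA256withRSA"}) {
            X509Certificate cert = selfSigned(kp, alg);
            System.out.printf("%s -> %s (%s) sha1Signed=%b%n",
                alg, cert.getSigAlgName(), cert.getSigAlgOID(), isSha1Signed(cert));
        }
    }
}
```

The `isSha1Signed` check depends only on the JDK, so it can also be run over certificates loaded from an existing keystore to find the ones that need to be reissued.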