I believe you're looking for this:

g_ssl_sha1_sign - Sign CSR with SHA1 instead of MD5 for enhanced
security, beta testing

T.

On 6 June 2013 08:26, Chris Ferebee HIDDEN@ebee.net> wrote:
> Hi all,
>
> I need to renew the SSL certificate for a SurgeMail server (Mac OS X 10.6.8, SM 6.4a-1) and would like to use the StartSSL CA, as they offer free certificates for basic security.
>
> When I try to submit a new CSR generated in the SurgeMail SSL web admin interface, StartSSL rejects it because it "has been signed with MD5, please upgrade to SHA1 or better".
>
> How can I create a CSR manually with openssl so that the certificate will be recognized by SurgeMail? I assume SurgeMail doesn't care what algorithm was used to sign the CSR once the certificates are installed.
>
> Best,
> Chris Ferebee
>
>
>
>