SHA2 instead of SHA1 for your new cert

Looking out for a new SSL certificate soon? Maybe better create a new set of keys as well, not only because of heartbleed. SHA1 is said to be no longer secure. Here is the all-in-one command for your shell:
$ openssl req -nodes -sha256 -newkey rsa:2048 -keyout myserver.key -out server.csr

Even M$ has depreciation for SHA1 set to somewhat in 2016:

Let's see how you can check with FF what sig algo for the key was used (sorry for the german screenshot)