SHA2 instead of SHA1 for your new cert

Looking out for a new SSL certificate soon? Maybe better create a new set of keys as well, not only because of heartbleed. SHA1 is said to be no longer secure. Here is the all-in-one command for your shell:
$ openssl req -nodes -sha256 -newkey rsa:2048 -keyout myserver.key -out server.csr

Even M$ has depreciation for SHA1 set to somewhat in 2016:
http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspxhttp://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx

Let's see how you can check with FF what sig algo for the key was used (sorry for the german screenshot)
sha256