SHA-1 based certificates (default) are no longer going to be accepted by the majority of browsers. Microsoft has set a deadline of February 2014, Mozilla, and Chrome on 1 January 2017.
Additionally, a key size of less than 2048 is considered insecure as well, so we need to make sure the key size is at least 2048.
So how do you generate a SHA-2 (SHA-256) certificate in Java? Here is an example below.
keytool -genkey -alias example -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity 3650 -keystore keystore.jks
In this example we create a certificate with validity of 10 years. The -sigalg SHA256withRSA
is used to set it to SHA-256.