diff -ru e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt
--- e-smith-base-5.6.0.orig/root/etc/e-smith/templates/home/e-smith/ssl.crt	2015-08-18 14:57:14.472207000 -0400
+++ e-smith-base-5.6.0/root/etc/e-smith/templates/home/e-smith/ssl.crt	2015-08-24 11:52:08.967488000 -0400
@@ -38,7 +38,14 @@
             my $issuer = `openssl x509 -issuer -noout -in $crt`;
             chomp $issuer;
             $issuer =~ s/^issuer= //;
-            if ($issuer eq $expected_issuer)
+            my $signatureAlg = `openssl x509 -text -noout -in $crt | grep "Signature Algorithm" | head -1`;
+            chomp $signatureAlg;
+            $signatureAlg =~ s/^ *Signature Algorithm: //;
+
+            if (
+	                 ($issuer eq $expected_issuer)
+	              && ($signatureAlg ne "sha1WithRSAEncryption")
+            )
 	    {
 	        # Old key file is still good. Read it out - processTemplate will work
 	        # out that it hasn't changed, and leave the old one in place
@@ -89,7 +96,7 @@
 	    exec("/usr/bin/openssl",
 		qw(req -new -key),
 		$key,
-		qw(-sha1 -x509 -days), KEYLIFEINDAYS,
+		qw(-sha256 -x509 -days), KEYLIFEINDAYS,
 		qw(-set_serial), time(),
 		)
 		    || die "can't exec program: $!";