Generating SHA2 SSL certificates with XCOM for Windows

Article ID: 126441

Updated On: 07-18-2024

Products

XCOM Data Transport, XCOM Data Transport - Windows

Issue/Introduction

How can I generate SHA-2 certificates with XCOM for Windows?

Environment

XCOM™ Data Transport® for Windows

Resolution

For testing purposes only, SHA2 certificates can be generated with the "make" scripts that are supplied with XCOM for Windows. Here is what to do:

  • Modify the "default_md=" parameter in the [req] section of the cassl.conf, clientssl.conf and serverssl.conf files in the %XCOM_HOME%\ssl directory. The default value is "sha1". Change it to "sha256". The "default_md=" parameter appears more than once in the cassl.conf file. Make sure to change the value at every occurrence.
  • Modify the "default_bits=" parameter in the [req] section of the cassl.conf, clientssl.conf and serverssl.conf files in the %XCOM_HOME%\ssl directory. The default value is "1024". Change it to "2048". Note: The value in cassl.conf already defaults to "2048".
  • Modify the sample "makeclient.bat" and "makeserver.bat" scripts so that the certificates are generated with 2048-bit keys, by changing "rsa:1024" to "rsa:2048" on the openssl command:

                 e.g.  openssl req -newkey rsa:2048 -out serverreq.pem -outform PEM -config serverssl.conf

  • Now you can run the sample "make" scripts on your system.
  • Run the "listca", "listclient" and "listserver" scripts and check that each certificate shows "Signature Algorithm: sha256WithRSAEncryption".
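
Before running the "make" scripts, the edits above can be checked with a short script. The following is an added example, not part of XCOM or of this article's original text; the sample file contents and the "exampleca" section name are constructed for illustration. It reports every "default_md" or "default_bits" setting that still has a non-target value, in any section, and every "-newkey rsa:N" with N below 2048.

```python
import re

# Constructed sample resembling a cassl.conf in which only the [req] entry was
# edited and a second default_md was missed (not copied from the XCOM files).
SAMPLE_CASSL = """\
[ ca ]
default_ca = exampleca

[ exampleca ]
default_md = sha1
default_days = 365

[ req ]
default_bits = 2048
default_md = sha256
"""

# Constructed line resembling the openssl call in makeserver.bat.
SAMPLE_BAT = "openssl req -newkey rsa:1024 -out serverreq.pem -outform PEM -config serverssl.conf\n"

WANTED = {"default_md": "sha256", "default_bits": "2048"}

def audit_conf(text):
    """Return (line_no, section, key, value) for each setting that differs from WANTED."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip().strip('"')
        if sep and key in WANTED and value.lower() != WANTED[key]:
            findings.append((no, section, key, value))
    return findings

def audit_bat(text):
    """Return (line_no, bits) for each '-newkey rsa:N' with N below 2048."""
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        for bits in re.findall(r"-newkey\s+rsa:(\d+)", line, re.IGNORECASE):
            if int(bits) < 2048:
                out.append((no, int(bits)))
    return out

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CASSL))   # the missed default_md outside [req]
    print(audit_bat(SAMPLE_BAT))      # the unedited rsa:1024
```

To check real files, read each .conf and .bat file in the %XCOM_HOME%\ssl directory and pass its text to the matching function; an empty list means nothing is left to change.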


We want to strongly stress that this is for testing purposes only. You need to contact your Security Administrator to determine your site's security specifications in order to handle SSL certificates. They may provide you with actual certificates for your production systems. The "make" scripts are SAMPLE scripts that you can modify and maintain for testing purposes.

Additional Information

See "Create the TLS/SSL Certificates" in our online documentation for XCOM for Windows.