By default Symantec Encryption Management Server (SEMS) 3.3.x and below used SHA-1 for the signing algorithm of the SSL certificate. 

SEMS 3.4.0 and above now use SHA256 by default.

Starting with Symantec Encryption Management Server 3.4, the CSRs use SHA-256 by default.

As all Certificate Authorities allow using SHA-256 as the signing algorithm for these Certificate Signing Requests generated by Symantec Encryption Management Server, this is fully supported on all versions of Symantec Encryption Management Server 3.3.x and above.

Symantec Encryption Management Server is fully compatible with SSL certificates using SHA-256 as the signing algorithm.  Although Symantec Encryption Management Server 3.3.x does not display an option to use SHA-256, and will not automatically generate the SHA-256 field for the Certificate Signing Request, however, upon submitting the Certificate Signing Request, if the Certificate Authority offers SHA-256 as an option, choosing this option can be used for the certificate provided, and the resulting certificate can then be used.

For example, some Certificate Authorities, offer a choice for which signing algorithm to use.  If the option for SHA-256 is available through the Certificate Authority, selecting this option will be fully compatible with Symantec Encryption Management Server.