This document will guide you through upgrading the digest to SHA256 for the EEM r12.x Server. Using the eiam-clustersetup tool, that is already provided with the EEM r12.x install, running on Windows, Linux, and Unix environments.
Follow these steps in order to upgrade the Certificates to SHA-2 (SHA256):
On the CA EEM Server where the certificates have to be issued, navigate to the following location %EIAM_HOME%\bin or $EIAM_HOME/bin, via command prompt:
1. Execute the following command:
java -jar eiam-clustersetup.jar
-A confirmation message appears.
2. Type Y (yes) and press Enter.
3. Execute the following command:
4. The following message appears: INFO - Enter Certificate Key Length [default = 1024]
I wouldn’t suggest upgrading the key length, as it may impact the client applications, if the versions are different (mismatched).
In this case select: 1 (INFO -  1024)
5. The following message appears: Enter Digest Algorithm [default = SHA256]
In this case select: 2 (INFO -  SHA256)
-You will receive a summary/confirmation message.
6. Type Y and press Enter.
-You will see that it is generating the new certificates.
7. Once it is done generating the new certificates, type: status
-This will verify that the two services are started.
8. Type: exit, to close out of the utility.
Now the CA EEM Server will use the newly generated certificates.