Problem

* How has the deprecation of SHA-1 affected VA?

Resolution

-- VA has long supported SHA-2, so there is no impact to any supported release due to the SHA-1 deprecation. In 4.12.0 SP3, VA removed the option to allow the generation of SHA-1 certificates, though VA can still import and work with SHA-1 certificates generated elsewhere. In particular, it should be noted that if you generate a CSR with SHA-256, the CA can elect to sign it with SHA-1 if there is some need to maintain compatibility with legacy systems.