SHA2 Certificate Migration
I am currently in the process of migrating all of my managed SSL certificates from a SHA1 to a SHA2 signing algorithm. Based on other discussions, I'm still unclear on how I should be going about doing this. I have successfully renewed a certificate which was previously signed with SHA1 with SHA2. I did not have to create a new key and the import was very successful. However, the owner of our internal PKI brought up a concern because the F5 defaults to SHA1 when creating a CSR even though the signature can be overwritten with SHA2. Their concern is that the key is created differently when requesting SHA1 vs SHA2. I'm not sure if that is truly the case which is why I'm asking for clarification.
Should I be creating CSRs through the F5 gui which has a SHA1 signing algorithm as I always have while asking for a SHA2 signing or should I use openssl to create a CSR specifying SHA2?