Comment 0 for bug 1516703

nova/crypto.py:generate_winrm_x509_cert() generates certs with default SHA-1 digest.

The call to 'openssl req' does not specify -digest option nor certificate config file sets digest, so certificates are generated with SHA-1 digest. SHA-1 is not considered to be a secure algorithm.

It would be preferable to:
1) let user specify digest algorithm via a config option
2) default to SHA-256