Signed CSRs always use SHA1, which is weak
When signing a CSR in the 2.4 GUI there is no choice to pick a digest algorithm for signing. Thus, when a CSR is signed, it is signed using the openssl default of SHA1.
We need a field to pick the digest and use it appropriately. Also, it would be nice to show the signature digest in the infoblock so it's easy to spot.
To me, I have a fix ready.
Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853
While here, add the cert serial number and sig digest type to the info block for each cert.