As of Zentyal version 4.2 the bundled certificate authority (CA) module is creating signed certificates using the SHA-1 algorithm which is an old algorithm and pretty much deprecated.
Google Chrome, for example, will give a warning when accessing any SSL page that’s encrypted stating that your connection is not secure.
SSL Certificates created now should, as a minimum, use the the SHA256 algorithm to ensure encrypted connections are kept private. To change Zentyal to use the SHA256 algorithm, you’ll need to make a small edit to your openssl.cnf file.
default_md = sha1
Edit the value and enter sha256.
default_md = sha256
You’ll then need to log into the Zentyal Admin site and revoke and re-issue all of your sha1 certificates.