We are currently on Zenworks 11.3, on windows 2008 servers.

The security guys have asked us to change from SHA-1 to SHA-2 type certificates, as SHA-1 is considered insecure.

"From 01/01/2017, all major operating systems and web browsers will no longer trust connections to secure web servers which present certificates signed with the insecure SHA-1
hashing algorithm"

IS this recommended by Micro Focus/Novell?
Should I plump for externally generated certifices?
And how would I generate new internal certificates that are SHA-2?