I like the easy to use command for it, but I have been using startssl.com for my CA (its free!) but they don't accept the request. It makes this error
Your certificate request was created with a potentially weak signature algorithm.
For more information please see this FAQ item.
Please change the signature algorithm to SHA1 or better, create a new CSR and try it again!
I couldn't find anything under the /certificate of changing the signing hash. Is there another place where I can change this? If not could it be an added feature?:)