I get "Not secure" when going to our PMP site. I understand that the SSL is created with SHA-1 and needs to be SHA-2 w/ SAN. However on PMP website the instructions do not detail how to create SHA-2.  

Keystore:

keytool -genkey -alias server.company.com -keyalg RSA -keypass password-storepass password -validity 1095 -keysize 2048 -keystore PMP.keystore

CSR:

keytool -certreq -keyalg RSA -alias server.company.com -keypass password -storepass password -file PMP.CSR -keystore PMP.keystore

So how do you tell it to create a SHA-2 w/ SAN to send off to the CA?