This week contain security news that affect worldwide, again. Widely used SHA-1 algorithm vulnerable to collision attack. Major vendors already warned about this problem several years ago. But only today I decided migrate my EJBCA PKI infrastructure to SHA-256 ECDSA and regenerate all certificates (<50). I had some doubts about compatibility SHA-256 ECDSA with wide range server and desktop applications, but all working fine.