2 of 2 people found this helpful
Certificate should be for each Web Server front end that users will connect through.
You can use Phase 1 and Phase 2 (skip phase 3) from my guide for setting up and enabling HTTPS. I use the Microsoft Management Console to generate certificates, which allows for SHA256. If you use IIS Manager to create a Domain Certificate, it will be SHA1 only.
Thank you sir!