Microsoft and Google announced SHA-1 deprecation plans that may affect websites with SHA-1 certificates expiring as early as after December 31, 2015.
Certificates can be created with different 'hash algorithms', including
1) SHA1: a 160 bit hash
2) SHA2: a family of two similar hash functions with different block sizes, known as SHA-256 and SHA-512 (this is a newer algorithm)
Up until recently, only the SHA1 algorithm was supported with WebLogic. But starting with WebLogic 10.3.3, the SHA2 algorithm is supported as well.
If you wish to use a certificate with a SHA2 hash algorithm, then you will need to enable JSSE SSL (which trusts stronger certificates such as SHA2)
Oracle strongly recommend that you upgrade to the latest WebLogic Maintenence Pack and the latest JDK patch as there are some known issues with JSSE SSL and lower WebLogic maintenance packs and Java patches. You should be using WebLogic 10.3.6 at a minimum
You can check Frequently Asked Questions about SSL Certificates on WebLogic on official documentation of above on Oracle Metalink( support.oracle.com)
SHA2 (SHA256 etc.) is supported from weblogic 11g(10.3.6) on-wards but certificates will work only with the JSSE implementation(-Dweblogic.security.SSL.enableJSSE=true).
SHA2 Certificates and Ciphersuites are supported in WLS 12.1.X in the following circumstances:
WLS 12.1.1 with JDK 7 and JSSE enabled using the JDK's Sun JSSE provider (default) or RSA JSSE provider
WLS 12.1.1 with JDK 6 and JSSE enabled using the RSA JSSE provider
WLS 12.1.2 (or later) with JDK 7 (or later) and JSSE enabled using the JDK's Sun JSSE provider (default) or RSA JSSE provider
If you are on lower version than 10.3.6 then you can use the apache/OHS which will acts as reverse proxy in front of the entire environment.
The reverse proxy acts as an SSL terminator for client connections using the latest SHA-2 SSL Certificates.
Check below link
https://technology.amis.nl/2014/12/07/securing-ohs-environments-latest-ssl-tls-protocols-sha-2-certificates/
