Good to hear you solved it. I think that for certificate purposed SHA1 is still secure just as long as you do not sign a certificate create by an external untrusted party with your CA. That said most crypto experts are urging users to start using sha256 for new projects. If you need support for XP sp <=2 you have no choice and should use sha1
I'm glad you found the problem and I will add this issue to the faq and documentation.
--- sent from Blackberry