I am not a cert expert so let me just ask the first basic question... can I replace the SHA1 cert with a SHA2 cert in SecurID 7.1?
There is no option to replace SHA-1 certificates with SHA-2 in Authentication Manager 7.1 or in current versions of Authentication Manager 8.1. When Authentication Manager 8.2 is released later this year it will fully allow SHA-2 certs.
You can generate a CSR as SHA-1 then sign it as a SHA-2 cert for use with the Authentication Manager 8.1 webtier, as long as the Authentication Manager 8.1 servers are patched to SP1 patch 8 or higher.
Please note that if trusted realm is implemented in the deployment, it will break if you use a SHA-2 cert for the console cert.
Retrieving data ...