bbaraniec
Mar 31, 2015 | Luminary
Apache and openssl version RAIDiator 4.2.27.
Hi, could anyone please tell me what the versions of Apache and OpenSSL are in RAIDiator 4.2.27? Thank you in advance.
StephenB
Apr 01, 2015 | Guru - Experienced User
The concern over SHA-1 certificate hashing is that with sufficient effort someone can find another certificate that has the same hash. If you can find a PKI cert that has the same hash as (for instance) PayPal, then you can set up a fake PayPal site, and HTTPS can't detect it. One source suggests that the cost of doing this with cloud computing resources might drop to $100,000 US in 2017. People are prudently starting to phase out SHA-1 cert hashing, so that there will be no massive problems later on.
However, self-signed certificates (used by ReadyNAS) are not verified with the hash function anyway - the cert itself has to be installed in the client browser. It isn't clear yet if Chrome/Firefox will deprecate SHA-1 hashing for locally generated self-signed certs. Microsoft is apparently not planning to deprecate them.
It would be a good idea to upgrade the self-signed cert to SHA-256 anyway since some browsers in the future might drop SHA-1 cert hashing, but there is no security risk.
But if you are deploying a PKI certificate (e.g., provided by a certificate authority), then you should migrate to SHA-256 since they are verified by the hash function.
BTW, there are other uses of SHA-1 that are not vulnerable to this particular attack (called a collision attack). In particular, HMAC-SHA1 is still considered strong, and there are no plans to deprecate it.
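The distinction drawn in the answer above (SHA-1 on a self-signed certificate versus SHA-1 on a CA-issued one) can be checked directly on a certificate. The following is an added example, not part of the original thread: the function names, the `sample_cert` skeleton and its host names are constructed for illustration, and only the two RSA signature OIDs listed are recognised.

```python
# Added example (not from the thread): inspect a DER X.509 certificate with the
# standard library and report its signature algorithm and issuer/subject match.
SIG_OIDS = {bytes.fromhex("2a864886f70d010105"): "sha1WithRSAEncryption",
            bytes.fromhex("2a864886f70d01010b"): "sha256WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each element inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def inspect_cert(der):
    """Return (signature algorithm, issuer == subject, suggested action)."""
    (_, tbs), (_, sig_alg) = list(children(read_tlv(der, 0)[1]))[:2]
    fields = list(children(tbs))
    if fields[0][0] == 0xA0:                # skip the optional [0] version field
        fields = fields[1:]
    issuer, subject = fields[2][1], fields[4][1]  # serial, sigAlg, issuer, validity, subject
    oid = next(children(sig_alg))[1]
    name = SIG_OIDS.get(oid, "unknown OID " + oid.hex())
    self_issued = issuer == subject         # usual mark of self-signed; signature not verified
    if not name.startswith("sha1"):
        return name, self_issued, "not flagged: not a SHA-1 algorithm listed here"
    action = "regenerate with SHA-256" if self_issued else "migrate to SHA-256"
    return name, self_issued, action

def tlv(tag, *parts):
    """Encode one DER element; short-form lengths only, enough for the sample."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cert(sig_oid, issuer_cn, subject_cn):
    """Constructed certificate skeleton (empty validity and key, dummy signature)."""
    alg = tlv(0x30, tlv(0x06, sig_oid), tlv(0x05))
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, cn))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), alg,
              name(issuer_cn), tlv(0x30), name(subject_cn), tlv(0x30))
    return tlv(0x30, tbs, alg, tlv(0x03, b"\x00"))
```

For a real certificate, pass `inspect_cert` the DER bytes, for example the output of `ssl.PEM_cert_to_DER_cert` applied to a PEM file exported from the device.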