Weak reencryption in transparent email scan mode

Dear ladies and gentlemen,

I would like to use the Sophos XG in transparent email scan mode, but the local anti-virus software (Kaspersky) complains that the (man in the middle) certificate issued by Sophos for the email server was issued with too weak an encryption algorithm.
Signature algorithm is sha1, I think sha256 would be better
and the public key is only 1024 bits long, better would be at least 2048.
Just like Sophos does when re-encrypting SSL connections.
All this would only be a minor problem internally, but I can't disable the re-scan on the client machines, because they are also used outside the secured network.
Can you raise the security standards here and issue the POP3, IMAPS and SMTPS certificates with longer keys and better signature algorithm?

Thanks in advance