I'm switching certificate authorities and have a question about certificate signing requests (CSRs). Is it possible to generate a CSR from an existing certificate that's already installed, or do I need to create a completely new certificate and CSR directly from my appliance?
5 Answers
You typically need a new CSR for the new CA, as they won’t have access to your old CSR. If you stick with the same CA, they might renew your certificate automatically.
You can generate a CSR from an existing private key, but it's generally a good idea to create a new key when updating your certificate. This ensures better security and aligns with best practices.
If you're using your existing private key, it's fine to reuse the same CSR. But regardless, if you're switching to a different CA, you will end up with a new certificate that could have a different chain.
CSRs are not tied to any specific certificate authority (CA). They simply include a public key. While some people recommend creating a new private key for every certificate, you're not forced to; you can use the same private key to generate a new CSR as long as you keep it secure.
If your private key is protected in a hardware security module (HSM), you can reuse your CSR. But in most cases, it's best to generate a new key pair for better security.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures