When is creating a new CSR + Certificate needed?

[danni]

Hey Guys,

I've always thought that, if I changed server, I needed to create a new CSR + Certificate - So I have done that several times.

But seeing my shared hosting provider, can switch server (with my account on it) without me needing to doing the above, I get confused as to when its actually needed to do so.

Is it only in cases such as Certificate expiration (renewal), Comprimised certificate etc ?

 

[NodeWest-Dan]

If it's a cpanel server your keys and what not can go with your account during migration depending on how the migration is done.


Sent from my iPhone using Tapatalk

 

[ndelaespada]

If you don't keep your CSR and your Certificate then when you migrate to a new server you'll need to re-issue.

Most hosting providers keep those safe, if it's a VPS then you can move it to a new hardware without having to re-issue the certificate as nothing changes.

 

[willie]

If you move an old domain name to a new server, you can move your key and cert files too.  The main thing (other than cert expiration) is the domain name inside the certificate has to match the domain name that the user actually browses to.  So if you change domain names, you need a new cert, otherwise you don't.  If your cert expires you could in principle use the same CSR to get a new one, but it's a good idea to generate a new key anyway, in case the old one leaked somehow.

 

[danni]

Thanks for the helpfull replies guys

 

[nunim]

There's no reason to keep old CSRs, just keep the private key and certificate itself safe.  The only time you should generate a new CSR is if your private key is compromised.