Do I need a new CSR for a certificate renewal?

The short answer is that while yes you can reuse the CSR, it doesn't mean you should.

It's worth considering that encryption methods can improve over time (e.g., generating RSA keys @ 2048 or 4096 vs 1024 awhile back, sha256 vs. sha512, etc) so it's probably best to just generate a new one considering how trivial it is and increasing the private key strength if it's outdated.


Technically no, if you're keeping the same private key. Most CAs use the CSR purely as a mechanism to provide the public key for the certificate. Especially for Domain Validated (DV) certificates, everything else in the CSR is thrown away. The public key value is hopefully verified against the signature on the CSR before being copied into a certificate structure for signing by the CA.

Tags:

Certificates

Tls

Related

How should high net worth individuals secure their financial accounts? Is it possible to exploit this Zookeeper instance? Is there any reason to disable paste password on login? What is worse for password strength, a poor password policy or no password policy at all? Why does Google consider Thunderbird not secure enough? Which host key algorithm is best to use for SSH? Are security flaws acceptable if not much harm can derive from them? How TLS certificate chain is verified Would a (password + combination of images) be stronger for user's login regarding keyloggers? How to detect malicious JavaScript in a PDF file? Why do I need Kerberos when I could just use a username and password to access services? What is the best way to respond to phishing emails sent from a government domain?

Recent Posts