Do I Need a New CSR to Renew or Reissue My SSL Certificate

Like most things in life, it depends. You will have to generate a new Certificate Signing Request (CSR) if you are using the following server types:

• Microsoft Windows Servers
• Tomcat Servers
• Java-based Servers
• Most applications, such as firewalls, load balancers, etc.

Some servers, including Apache and NGINX servers, allow you to use the old CSR to renew or reissue your SSL certificate and install a new certificate without generating a new CSR; however, security best practices suggest that you should generate a new private key and CSR when renewing or reissuing your SSL certificate.

If you have any of the above server platforms, you must generate a new CSR before you submit your renewal or reissue request.