Education Center

Do I have to Generate a new CSR to get my Certificate Renewed?

It is recommended that you generate a CSR each time you renew your old certificates. Though some web servers may allow you to use the old CSR, generating a new one takes care of incorporating new encryption methods and hashing algorithms into the new certificates.

2022 Ponemon Report: The State of Certificate Lifecycle Management in Global Organizations

You can, however, use the same private key for your new certificate as was used in the old one. In case you choose the above method, and you use a dedicated software solution to manage your certificates, the renewal process can be automated. The certificate management software can, in this case, auto-fill your CSR details and send it to the CA by itself. If you want to generate new keys for your certificate (for security reasons) you can raise the CSR manually.

Certificate management software or sometimes your CA will start sending alerts reminding you to renew your certificate 90 days before it’s set to expire. The group to which this email is sent depends on the time remaining, and grows larger as the date nears. You can renew your certificate right after you receive the first alert, and the leftover months will be carried over. It’s recommended to renew certificates well before their expiry to prevent potential issues from late renewal cropping up.

Let’s get you started on your certificate automation journey