We are currently deploying a security solution for one of our clients and we require their SSL cert in PEM / PKCS12 format. However, they told us that they have "Lost" their CSR and wouldn't be able to provide us with any sort of certs.

If they were to reapply for a new CSR and generate a new SSL cert for their servers, will it cause any issues to the servers and their users?

DroidMatt

1 Answer

Losing the CSR, once a certificate is issued, isn't a problem. There's no need for the CSR after issuance.

If they don't have the certificate itself (or the associated private key), then yes, a new certificate will need to be issued, typically by generating a new CSR (possibly from a newly generated private key) and submitting that to a certification authority to trigger the issuance of a new certificate. Assuming a suitable CA is used, issuing another certificate will not cause any problems for existing users or servers (unless the previous certificate is revoked, which is an unusual occurrence).

womble
  • Hi @womble, do correct me if I'm wrong, isn't the CSR the private key? Thank you. – DroidMatt Aug 20 '15 at 02:30
  • No, the CSR is the public key combined with the details which the requestor would like to see in the generated certificate (and then, typically, signed, to prove control of the private key). Putting the private key in the CSR would compromise the security of the private key, because the CSR gets sent to the CA. – womble Aug 20 '15 at 02:33
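
The distinction drawn in the answer and comments above, as an added example that is not part of the original thread: it shows that a CSR carries only the public key, that a "lost" CSR can be regenerated from the same private key, and that a new key produces a different public key. It assumes the `openssl` CLI is installed; `example.test` and all file names are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example. example.test and the file names are constructed placeholders.
set -eu
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Create a private key (this stays on the server and is never sent to the CA).
new_key() { openssl genrsa -out "$1" 2048 2>/dev/null; }

# Build a CSR from an existing private key: public key + requested subject,
# signed with the private key to prove control of it.
new_csr() { openssl req -new -key "$1" -subj "/CN=example.test" -out "$2"; }

# SHA-256 fingerprint of the public key embedded in a CSR.
csr_pub_fp() {
    openssl req -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 fingerprint of the public key derived from a private key.
key_pub_fp() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True if the CSR's self-signature verifies (message wording differs by OpenSSL version).
csr_sig_ok() { openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"; }

# True only if the file holds a loadable private key; a CSR must not.
has_private_key() { openssl pkey -in "$1" -passin pass: -noout >/dev/null 2>&1 </dev/null; }

new_key "$workdir/server.key"
new_csr "$workdir/server.key" "$workdir/first.csr"
# "Lost" CSR scenario: regenerate from the same key, or start over with a new key.
new_csr "$workdir/server.key" "$workdir/second.csr"
new_key "$workdir/rotated.key"
new_csr "$workdir/rotated.key" "$workdir/rotated.csr"

echo "server.key public key : $(key_pub_fp "$workdir/server.key")"
echo "first.csr  public key : $(csr_pub_fp "$workdir/first.csr")"
echo "second.csr public key : $(csr_pub_fp "$workdir/second.csr")"
echo "rotated.csr public key: $(csr_pub_fp "$workdir/rotated.csr")"
if has_private_key "$workdir/first.csr"; then echo "CSR holds a private key"; else echo "CSR holds no private key"; fi
```

The same fingerprint comparison, run against an issued certificate with `openssl x509 -in cert.pem -noout -pubkey`, confirms that a certificate and private key belong together before they are bundled into PKCS12.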