Lots of ssl vendors keep the csr (the private key and associated key data).
However, Windows makes it challenging to re-use a private key. It can be done, but it isn't easy. I don't know why that design decision was made. That is likely why you've never actually "renewed" a certificate, but instead generated a new CSR and acquired a new certificate. Renewals are common in UNIX/Linux/etc. (or even if you are running certain applications under Windows that don't use the Windows certificate store, such as Apache or Tomcat - you'll use OpenSSL to manage those certificates). -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Maglinger, Paul Sent: Monday, July 22, 2013 4:56 PM To: New NT System Admin List ([email protected]) Subject: [NTSysADM] Question about CSRs Just curious if anyone is aware of any SSL provider that keeps a copy of your CSR, provided they are not hosting your website. I have been told it is a common practice for the host to keep them to ease in renewing certificates, in that they can just reuse the old one. I've never seen that and I've always had to generate a new one when a certificate expired (or re-use the old CSR). In either case, I've had to provide it because they didn't keep a copy. Just seeing what everyone else has to do. Thanks, Paul
