picture of tbs certificates
picture of tbs certificates
Our products range

List of software allowing the reuse of CSR

What is the reuse of csr?

When ordering a certificate, you generate a CSR that is sent to the authority to issue the certificate. Re-signing means using the exact same CSR (and therefore the same private key) to perform a certificate renewal or reissuance.

Why reuse the same CSR?

When there are many certificates to manage, the renewal or reissuing of a certificate is a sensitive step, particularly in terms of the management of the private keys linked to these certificates. This is even more true since September 2020, when certificates can no longer be valid for more than one year. It is therefore possible that a private key error may occur private key, either during the installation of the certificate or during the manipulation of this key.

For example, in the case of a 5-year certificate, this requires the generation of a first certificate and then 4 reissues, thus potentially 5 private keys if a new CSR is generated each time.

The reuse of CSR avoids this. Since the same CSR that was provided at the initial order is reused, the private key does not change. It is therefore no longer necessary to manipulate it when installing a reissued (or renewed) certificate.

Another advantage: if you have a customer account with TBS, and if you have a 2 years or more server certificate, you can activate the automatic reissueing. This function allows, as its name indicates, to automate the reissueing procedure by reusing the CSR that was provided to us. It will remain to complete the validation step of the DCV challenge.

It should be noted, however, that not all software is supported by the reuse of CSR. This is the case for example for Microsoft servers such as IIS or Exchange. Here is a list of of known softwares that allow the reuse of CSR :

  • Adobe Air
  • Alibaba Cloud
  • Apache
  • Apple Developer
  • cPanel
  • Dovecot
  • IBM Notes
  • IBM Domino
  • Nginx
  • OpenSSL compatible server
  • Oracle
  • Plesk
  • Postfix
  • Redhat
  • Squid
  • node.js

Useful links