I have a VeriSign certificate on one of my Linux / Apache websites that is going to expire. I plan on buying a renewal from VeriSign.
What is the best way to renew the certificate with Apache? Do I have to generate a new request and start over? Are there any pitfalls I should watch out for?
Best Answer
You can just have the current certificate's request resigned. However that does (in theory) lower security.
In practice as long as your key was properly generated and never used on a Debian or Ubuntu machine that had the SSL entropy issue and there's no problems with formally trusted people still having a copy of the key you're fine.
I generally just re-sign, although as I said above, if you're at all concerned, just generate a new cert. It's the same process.