Can I reuse an SSL CSR?

Solution 1:

As long as you're using the same key, domain (aka common-name), contact details and validity period, you should be able to use the same CSR.

Though to be honest, generating a CSR is a pretty simple job, so if you need to amend the contact details (which a lot of SSL providers are strict on) it's not a big deal.

Solution 2:

For your example case, I don't think it's worth trying to reuse CSRs. However, for a large, diverse team of Apple iOS developers (like I have) there is a good reason to do this. We create (actually, ask Apple to create) all our signing certs and push certs off the same private key. That way we can all collaborate easily on our 85+ apps. For this reason, we keep a single CSR lying around and always use the same one for as long as the key is valid.

As far as I know, there is no reason to repeatedly generate CSRs from a single private key. I'd love to be corrected if I am wrong.


Solution 3:

The main benefit of having limited-duration certificates is to reduce the damage if your private key is leaked. Somebody possessing the private key can otherwise impersonate you forever if you reuse the CSR, because reusing the CSR implies reuse of your private key as well.

Please don't do that; it's better to automate generation of both the private keys and the CSRs and find convenient ways to distribute the ever-changing private keys to application build servers and push servers. Most mere mortal developers would normally never need to do a release/distribution build for the app store anyhow, so won't need the private keys.
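
Solution 3's point that reusing a CSR means reusing the private key can be checked mechanically, because a CSR embeds the public key and every certificate issued from it carries the same key fingerprint. The script below is an added example, not part of the original answers; it relies on the openssl CLI, and the function names, file names and the `example.test` subject are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare public-key (SPKI) fingerprints to see whether a
# renewal CSR really rotates the key. Requires the openssl command-line tool.

# Print the SHA-256 fingerprint of the public key inside a PEM file.
# $1 = key | csr | cert, $2 = path to the file
spki_fingerprint() {
    local pub
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)    echo "usage: spki_fingerprint key|csr|cert FILE" >&2; return 2 ;;
    esac || return 1
    # Normalise to DER so PEM formatting differences cannot change the hash.
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Renewal gate: succeeds only if the CSR carries a different key than the
# certificate it is meant to replace.
# $1 = currently deployed certificate, $2 = renewal CSR
csr_rotates_key() {
    local old new
    old=$(spki_fingerprint cert "$1") || return 2
    new=$(spki_fingerprint csr  "$2") || return 2
    [ -n "$old" ] && [ -n "$new" ] && [ "$old" != "$new" ]
}

# Build constructed sample material in directory $1:
#   old.key     -> reused.csr and current.crt (self-signed stand-in for a CA cert)
#   new.key     -> rotated.csr
make_samples() {
    local d=$1 subj="/CN=example.test"
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$d/old.key" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$d/new.key" 2>/dev/null &&
    openssl req -new -key "$d/old.key" -subj "$subj" -out "$d/reused.csr" &&
    openssl req -new -x509 -key "$d/old.key" -subj "$subj" -days 30 \
        -out "$d/current.crt" &&
    openssl req -new -key "$d/new.key" -subj "$subj" -out "$d/rotated.csr"
}
```

Run `make_samples` against a scratch directory, then `csr_rotates_key current.crt reused.csr` fails while `csr_rotates_key current.crt rotated.csr` succeeds; the same gate can sit in a renewal pipeline in front of the CA submission step.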
