...
Openssl will create one key at a time where as utilities such as IBM's ikeyman can create both in one step. The private key is needed to complete the CSR. When it comes time for renewal, you can use your existing private key to generate the CSR and public key OR generate a new one.
| Info |
|---|
There is no clear consensus on whether creating a new or using an old private key is considered best practice. It is not necessary to create a new private key depending |
...
on which web server you are using, (ie you'd need to create new private keys due to the way Microsoft IIS Web server handles storing private keys) but it seems the many sites like sslshopper.com recommends that a new private key be created as it avoids confusion and is simplest. |
Info
Generate Server Private Key
...