Re-keying an SSL certificate refers to creating a new private key for your certificate, which is used in the process of encrypting and decrypting data sent from and to your website.
Re-keying is only available to certificates installed on customers' own servers. Certificates installed on any of our services never need to be re-keyed.
By creating a new private key, you invalidate your certificate's old private key; this means you must install your new, re-keyed certificate within 72 hours of re-keying.
You should re-key your SSL certificate when:
Before you can re-key your SSL certificate, you must generate a new certificate signing request (CSR) from your Web server. For instructions, see Generate a CSR (certificate signing request).
The information in your new CSR must be identical to the information for your existing certificate, i.e. you cannot change the organization's information (although you can change the domain name you're securing). If you need to change your certificate details, you must revoke the certificate in your account, purchase a new SSL credit, and complete the SSL request again.
We automatically deactivate the previous certificate when we issue the new, re-keyed certificate. Do not revoke unless you are certain you want to cancel the existing certificate. When you revoke, the SSL credit is canceled and you cannot re-key the certificate.
Your newly re-keyed certificate is immediately available for download (more info).
We'll remove the old certificate from our system within 72 hours. To ensure continuity of service, you must install the re-keyed certificate immediately (more info).