I'm in the process of renewing a SSL cert for a website. I just want to clarify when I'm generate a CSR, what key should I be using, is it the private key of the expiring (current) certificate, or I have to generate a new private key.
I have heard that people who has visited my website before will not be able to visit the website again if a new SSL certificate with a new private key is installed in the website, unless those people clear their Internet cache. Is that true??
I'm using ModSSL for the webserver and OpenSSL for generating CSR and keys.
I've renewed many keys in the past. When you generate the CSR, it creates the private key which you will always use. All you need to do is renew the public key via purchasing from wherever.
I haven't seen a problem with Internet Cache and new keys. In fact, I just renewed the SSL certificate for our client control panel seemlessly. No need to clear the cache, and none of our clients suffered any problems. So you shouldn't have to worry.