Two SSL certificates with same key

security ssl cryptography encryption

Solution 1:

Re-using the same private key to generate a new certificate request technically doesn't increase your risk exposure. Essentially the same public key is being used, but the x509 headers are changed with the updates site name, dates, or whatever other changes there are between the two certificates.

Stepping back, you should analyze the reason for not regenerating the private key when renewing a certificate/requesting a new certificate. Although current encryption algorithms cannot be broken, then longer you use the same private key, the more information is encrypted with that key, and the larger the pool of data will be for any future crypto-analysis. (Although in reality a session key encryption a majority of the data sent between clients, there still is technically more sessions being security with the same public/private keypair, so the same principle is applies).

As a general practice, it is best to generate a new private key when certificates are up for renewal.

Solution 2:

Short answer is no.

The only case visible to me - if somebody can steal private part of one cert or factorize it, he will be able to decipher both sites.

Related

Determine Apache version on Windows?
With a username passed to a script, find the user's home directory
Forwarding apache requests (port 80) to Tomcat (port 8080)?
NFS access from multiple networks
DNS Root-Server: Is there one Central Root-Server to query the Rootservers itself?
Postfix on linux not sending mail
Specifying a log name for screen output without relying on .screenrc
Why am I seeing webmin in lsof output?
How do you approach centralised patch management for Linux?
Dell Perc 6/i Raid Monitoring on Linux 2.6.32-2x kernels
Product Recommendation: Good job scheduler for windows servers? [closed]
Testing clock skew of multiple servers