When renewing a certificate it is not necessary to generate a new csr. This is possible by maintaining the same private key.
When received the renewed certificate from the 3rd party certification authority, we can try to import it and assign the private key from the management console (mmc -> certificates).
One of the options that are shown when right clicking the certificate is “Renew This Certificate with the Same Key”:
Instead we can import the certificate and then assign the corresponding private key
Assign private key using certutil
This command can be used with the -repairstore switch to assign the corresponding private key to it.
certutil -repairstore my <certificate serial number>
This would be the result of the command:
C:\>certutil -repairstore my 4cc8ac76a9d118430000000050db339a my ================ Certificate 5 ================ Serial Number: 4cc8ac76a912345600000050db339a Issuer: CN=Entrust Certification Authority - L1K, OU=(c) 2012 Entrust, Inc. - fo r authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US NotBefore: 24/01/2017 10:54 NotAfter: 20/02/2018 11:24 Subject: CN=*.domain.com, O=MyOrg, L=MyCity, S=MyRegion, C=ES Non-root Certificate Template: Cert Hash(sha1): 12 34 56 78 fd ad fa ac 83 97 1d d3 e4 28 01 12 34 56 78 00 Key Container = le-0c4abe60-d89d-4ebd-afe2-8f7329e32c49 Unique container name: cbcdbb8d8c1e0dc84c1da529ddd00686_9bfb925-8386-487d-843 7-84bfb8501d68 Provider = Microsoft Enhanced Cryptographic Provider v1.0 Encryption test passed CertUtil: -repairstore command completed successfully.