When renewing a certificate it is not necessary to generate a new csr. This is possible by maintaining the same private key.
When received the renewed certificate from the 3rd party certification authority, we can try to import it and assign the private key from the management console (mmc -> certificates).
One of the options that are shown when right clicking the certificate is “Renew This Certificate with the Same Key”:
However, attempting to use it may return the error
Instead we can import the certificate and then assign the corresponding private key
Import certificate
To import it, we open the certificate (on local computer) and import it into the personal store
Now we have it in the computer personal store but without private key
Assign private key using certutil
This command can be used with the -repairstore switch to assign the corresponding private key to it.
certutil -repairstore my <certificate serial number>
The serial number can be obtained in the details section of the certificate:
This would be the result of the command:
C:\>certutil -repairstore my 4cc8ac76a91234560000000050db339a
my
================ Certificate 5 ================
Serial Number: 4cc8ac76a912345600000050db339a
Issuer: CN=Entrust Certification Authority - L1K, OU=(c) 2012 Entrust, Inc. - fo
r authorized use only, OU=See www.entrust.net/legal-terms, O=Entrust, Inc., C=US
NotBefore: 24/01/2017 10:54
NotAfter: 20/02/2018 11:24
Subject: CN=*.domain.com, O=MyOrg, L=MyCity, S=MyRegion,
C=ES
Non-root Certificate
Template:
Cert Hash(sha1): 12 34 56 78 fd ad fa ac 83 97 1d d3 e4 28 01 12 34 56 78 00
Key Container = le-0c4abe60-d89d-4ebd-afe2-8f7329e32c49
Unique container name: cbcdbb8d8c1e0dc84c1da529ddd00686_9bfb925-8386-487d-843
7-84bfb8501d68
Provider = Microsoft Enhanced Cryptographic Provider v1.0
Encryption test passed
CertUtil: -repairstore command completed successfully.
After which we can see that the result has been satisfactory