https key

as the key is the way to prove you are that website there is no trick or such to get it (else everyone could just do that).

you need to get the original created one. if you cant get to the load balancer (why not?), perhaps it is on the webserver also? or it is still somewhere else were it was saved during creation.

if not then you better get a new certificate fast.

thanks that was helpful , one more query , if I generate new certificate for same application which is already being used on different LB , will it not give error when we request for new certificate by submitting CSR

where do you expect an error? with the company that creates the certificates or on your clients or?

personally i dont expect an issue.

We have a live site which is using certificate installed on our old LB which is in our old datacentre We are planning to migrate the website to new data centre on new loadbalancer , as prepration we want to have https certificate ready on our new site , on migration day we will just disable the rule on old load balancer and insert certificate in VS in new load balancer .

My doubt was when we ask for new certificate from service provider , I dont want them to delete the old cerificate as site is still live my understanding is each CN can have only one OU . Hope I am able to explian

A few things:

1. A CSR is generated from a private key. Without access to the private key, you cannot generate a new certificate to match that private key.

    

2. If you don't have access to the private key, then as Boneyard stated, you need to get a new certificate and private key. Now you may not be able to get a new certificate for the SAME common name from the SAME CA, but you can certainly get a certificate from another CA vendor for the same common name. The only thing that really matters here is that the browser used to access the site explicitly trusts the issuer of your new server certificate, by virtue of its installed CA certificates.