OpenSSL - Debian - Apache
I've got to generate a new CSR to install a new SSL Certificate. I know I can generate one off of the existing Private Key, but assume it's a good idea to generate a new one of those at the same time (?), if I do that I don't want to have to input a password every time Apache starts.
If my key is currently domain.com.key and CSR domain.csr, then running the following would replace both and give me what I need?
openssl req -nodes -newkey rsa:2048 -keyout domain.com.key -out domain.csr
Since I have to pass the CSR to someone else in the org who deals with obtaining the certificates, then this would mean they would be inaccurate whilst I waited for the certificate to reach me (?) - so if I called them different filenames at this stage of the generation, what "gotchas" would I have look out for when I did come to install the certificate? Any "standard" places where a different filename would be an issue?