On one occation I have generated a new certificate for the same domain name using a different CSR. If Verisign allows that you should be able to follow the procedure below.
This is cut from a previous post by Jon Greene
My advice would be that you NOT generate the CSR on the controller, because we specifically make it very difficult (if not impossible) to get the private key off the controller.
If you want to use the same certificate on multiple controllers, I would suggest following this workflow:
1. Find a Unix box with OpenSSL on it
2. Generate the private key
3. Generate the CSR, using your desired hostname as the CN
4. Get the certificate from the CA
5. Put the certificate and private key back together as a PFX / PKCS#12 file, which will be password protected
6. Load the resulting file on all your controllers
There are lots of resources online to tell you how to do these common OpenSSL operations. The one I typically refer to is here:
http://www.sslshopper.com/article-most-common-openssl-commands.html.
I'll cut and paste the important bits:
* Generate a new private key and Certificate Signing Request
* openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
* Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
* openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
---
Jon Green, ACMX, CISSP
Product Manager, Security
Aruba Networks