08-07-2018 10:54 AM
It can be simple, but it depends on the CA. I'm not all that familiar with how Thawte works these days, but most public CAs have the option of just renewing now instead of having to submit a new CSR.
If you do have that option at Thawte, have them issue the new certificate to you. When you get the PEM or DER cert, just import it using the exact same name as the one you're renewing. When you do that, the import overwrites the public key only, leaving your existing private key in tact.
If Thawte requires a new CSR, then it gets more complicated. I find it easier to just generate a brand new CSR and just update the certificate profiles and such to the new cert. If you still have the original CSR you submitted to Thawte, you can actually resubmit that same one and the signed cert should import just fine.
