Both options should be fine as long as you continue to make sure that the documented requirements are met (i.e. make sure that if you select to generate a new key it's still exportable like the old one, and that the vdm friendly name is removed from the old cert and placed on the new one).
↧