Sean,

These are the instructions from Cisco TAC that worked for us last time 
we renewed our certs.  Maybe something here will help you?

====================
1) From CAM web console, manage the CAS, go to the Certs section and 
export the current private key, then the certificate.

Save this somewhere safe.

2) During a maintenance window, generate a new temporary certificate for 
the CAS using the UI.  Please make sure that you fill all the fields 
correctly.  Once the new certificate is generated, export the new 
private key and a CSR (certificate signing request).

3) During the same maintenance window, import back the old private key, 
and certificate, verify and upload the cert and restart the CAS (service 
perfigo restart or reboot whichever is easier).

4) Send the CSR obtained in step#2 for signing.  Once you receive the 
signed cert back, perform step #3 except with the new private key and 
the newly received signed cert.  And restart the CAS.
=======================

Kurt




Hennessey, Sean wrote:
> Hi Nate -
>
> When I've tried to generate a new CSR I've gotten an error saying that
> the request was previously used. I'm pretty new to the Cert game, so if
> you can point me in the right direction I'd really appreciate it. I'm
> pretty sure that my getting it to work properly two years ago, when we
> implemented NAC originally, was a fluke! :)
>
> - Sean
>
> ----
>
> Sean Hennessey
>
> Networking and Information Security Systems Administrator
>
> The University of Portland
>
>