The certificate is not necessarily associated with a particular machine. To be able to "use the certificate" on the machine, you need two things: the certificate itself and its private key. You should have generated the private key along with the CSR (depending on which tools you used).
Some systems do not allow you to retrieve the private key (for example, Windows has the ability to import the private key so that you can no longer export it, but, as I understand it, this can be circumvented if you have sufficient access rights on this machine). In cases where you use a smart card or a hardware token, the private key can be generated in such a way that you cannot extract it (in this case, moving the token to a new machine will make sense, if necessary).
The other part is the certificate and its name. The host name in the certificate (which is also common in CSR, although this is ultimately not necessary) should be the host name of this computer, as seen from clients trying to connect to it (see RFC 2818 Section 3.1 for details on hostname verification for HTTPS). Thus, although the certificate itself is not tied to a specific machine in terms of hardware, it will be tied to this host name (which allows, for example, changing the hardware for this device or its IP address).
Bruno
source share