You should remove all signed certs and CSR's after the new one is fully tested. Just for cleanliness …But don't delete gkcert cert/key and ca-cert.pem. These are the default delivered certs. If your system had a problem and had to rollback to the default (possible revocation ) it would need to roll back to our internal cert. If deleted I am not sure if the GUI could load enough to recover.