I learned a quick, silly lesson today. I run some servers that tunnel using openvpn to facilitate our single sign on. I've migrated one before, and at the time, I foolishly did not create a new certificate/key pair for the new server and re-used the old one.