After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate
was issued to *.xyz.com. The auditor also notices that many of the internal development servers use the same
certificate. After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB
thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend
FIRST?

A.
Generate a new public key on both servers.

B.
Replace the SSL certificate on dev1.xyz.com.

C.
Generate a new private key password for both servers.

D.
Replace the SSL certificate on pay.xyz.com.