Question

I have updated OpenSSL to remedy the Heartbleed bug, but again, if I generate a CSR with the affected OpenSSL version and install it on the fixed version, will this cause any issue?

Solution

If the machine with the vulnerability generating the CSR is connected to any networks, it is an issue.

Heartbleed allows a machine to leak information silently through the TLS heartbeat functionality. Any information that has been in memory on that machine could have been obtained by someone if it's on the network. The CSR itself is no different than one generated on a non-vulnerable machine; it's just that the private key may have been leaked (and you should assume as much).
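
The answer's point is that the key pair, not the CSR file, is what may have been exposed. As an added example (not part of the original answer), the script below creates a fresh key and CSR on the patched host and rejects any CSR that still carries the exposed key. It assumes the `openssl` command-line tool is installed; the file names and subject passed to it are placeholders.

```shell
#!/bin/sh
# Added example: rekey after Heartbleed and refuse CSRs that reuse the old key.
# All paths and the subject string are supplied by the caller (placeholders).
set -eu

# Hash of the PEM-encoded public key carried inside a CSR.
csr_pubkey_fp() {
    _pem=$(openssl req -in "$1" -noout -pubkey) || return 1
    printf '%s\n' "$_pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Same hash, computed from a private key file.
key_pubkey_fp() {
    _pem=$(openssl pkey -in "$1" -pubout) || return 1
    printf '%s\n' "$_pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Create a brand-new key pair and CSR. Run this on the patched host only.
new_key_and_csr() {   # args: key_out csr_out subject
    ( umask 077       # private key readable by its owner only
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1" 2>/dev/null )
    openssl req -new -key "$1" -subj "$3" -out "$2"
}

# Exit 0 only if the candidate CSR uses a different key than the exposed CSR.
# Exit 2 if either file cannot be parsed, so a parse error never passes.
csr_is_rekeyed() {    # args: exposed_csr candidate_csr
    _old=$(csr_pubkey_fp "$1") || return 2
    _new=$(csr_pubkey_fp "$2") || return 2
    [ "$_old" != "$_new" ]
}
```

A CSR regenerated from the old private key fails `csr_is_rekeyed` even though the file itself is new, which is the case the question asks about.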

License: CC-BY-SA with attribution
Not affiliated with StackOverflow