We did this when we rolled out CAS 5 as well. New servers, new DNS names,
the whole deal.
To answer your specific questions:
1. We generated new ones. I don't think you have to, but it just seemed
to make more sense to "start fresh" so we knew what components we had
installed.
2. It w
We're finally getting up to CAS 5.3.x, and for a variety of reasons, we
built a new server with a different host name. As part of the transition,
we'll be updating the "Third-party identity provider" settings in Google
Apps with the new URL and keys.
As I'm sure others have gone through this, so I