1

One of our customers is sadly moving out to a new provider. They have an SSL certificate linked to their site. The new hosting company also wants this certificate.

Are there any (security) risks for me, if I export this certificate (to a .PFX) and give it to the other company? Are there reasons not to do this?

2 Answers

2

"Not sure if it contains something (in the private key) from my server specific "

Nothing server specific that would compromise anything even if the server was the one that did the original CSR. I wouldn't send the cert to the other hosting company though. I'd provide it to the customer and let them do that interaction.

See here for further reading: Must CSRs be generated on the server that will host the SSL certificate?

TheCleaner
0

There’s no reason not to send a certificate for a website to the new site host.

However... if the current certificate was a wildcard certificate or contained a large number of SANs then I’d probably generate a new certificate with just the required site addresses to minimise potential issues with a malicious actor who gets access to their systems spoofing sites under your domain. (I realise this probably doesn't apply in your specific case here but it's worth checking just in case, and I'm mostly including this part as generic advice for people looking in the future.)

As a matter of best practices, in your position I would send all details to the customer rather than the new hosting company, and I’d also ensure the certificate and private key were encrypted during transit.

Rob Moir
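
The check suggested in the answer above (is the certificate a wildcard, or does it carry more SANs than the moving site needs?), as an added example that is not part of the original answers. It parses constructed output in the format printed by `openssl x509 -noout -ext subjectAltName`; the `example.com` hostnames and the function names are assumptions.

```python
import re

# Constructed sample: text in the format printed by
# `openssl x509 -noout -ext subjectAltName` for a hypothetical certificate.
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:shop.example.com, DNS:www.shop.example.com, DNS:*.example.com, DNS:mail.example.com
"""

def parse_dns_sans(san_text):
    """Return the DNS names from openssl's subjectAltName text, lower-cased."""
    return [m.lower() for m in re.findall(r"DNS:([^,\s]+)", san_text)]

def wildcard_covers(pattern, host):
    """True if the SAN matches host; a wildcard stands for exactly
    one left-most label (*.example.com does not match a.b.example.com)."""
    if not pattern.startswith("*."):
        return pattern == host
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]

def review_before_handover(san_text, needed_hosts):
    """Compare what the certificate can vouch for with what the moved site needs."""
    sans = parse_dns_sans(san_text)
    needed = {h.lower() for h in needed_hosts}
    wildcards = [s for s in sans if s.startswith("*.")]
    # Exact names in the certificate that the moved site does not use.
    extra = [s for s in sans if not s.startswith("*.") and s not in needed]
    # Needed hosts that no SAN covers (the certificate would not fit the site).
    uncovered = sorted(h for h in needed
                       if not any(wildcard_covers(s, h) for s in sans))
    return {
        "wildcards": wildcards,
        "extra_names": extra,
        "uncovered": uncovered,
        # Reissue a narrower certificate if the key covers more than the site.
        "reissue_recommended": bool(wildcards or extra),
    }

if __name__ == "__main__":
    report = review_before_handover(
        SAMPLE_SAN_TEXT, ["shop.example.com", "www.shop.example.com"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

If `reissue_recommended` is true, the private key in the exported .PFX would let its holder serve names beyond the customer's site, which is the case where the answer suggests issuing a new certificate with only the required names.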