6.6 Certificate renewal

If a certificate policy is set to Automatic Renewal, MyID creates a job to renew the certificate when it comes within a specified number of days of expiry. The number of days is specified in the TaskCountdown table; see section 13.3.1, Triggering the notification, for details.

When MyID performs a certificate renewal, a re-key will also take place (a new key will be generated, and the new certificate issued against the new key). If any changes to user data that appears on the certificate have taken place, the updated user data will appear on the new certificate.

If the certificate being renewed is also present on any other devices, MyID automatically creates an update job for those devices so that they recover a copy of the new certificate.

Note: The original certificate is allowed to expire – it is not revoked.
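
As an added example (not MyID code and not taken from this guide), the Python below audits a certificate inventory against the renewal behavior described above: which certificates fall inside the renewal window, whether a renewal re-keyed, how long the unrevoked original remains valid, and which other devices still hold only the old certificate. The record fields, the 30-day window, serial numbers, key hashes and device names are constructed assumptions, not MyID's schema or defaults.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical inventory record; field names are assumptions, not MyID's schema.
@dataclass(frozen=True)
class Cert:
    serial: str
    subject: str
    not_before: datetime
    not_after: datetime
    key_sha256: str          # hash of the certificate's public key
    revoked: bool = False

def due_for_renewal(certs, now, window_days):
    """Unexpired, unrevoked certificates within window_days of expiry."""
    limit = now + timedelta(days=window_days)
    return [c for c in certs
            if not c.revoked and now <= c.not_after <= limit]

def audit_renewal(old, new, device_certs, now):
    """Check one old/new pair against the renewal behavior described above."""
    findings = []
    if new.key_sha256 == old.key_sha256:
        findings.append("renewal did not re-key")
    # The old certificate is not revoked, so both stay valid until it expires.
    start = max(new.not_before, now)
    if not old.revoked and start < old.not_after:
        days = (old.not_after - start).days
        findings.append(f"old certificate remains valid for {days} more day(s)")
    # Devices that held the old certificate need a copy of the new one.
    for device, serials in sorted(device_certs.items()):
        if old.serial in serials and new.serial not in serials:
            findings.append(f"{device} still awaiting update")
    return findings

# Constructed sample data.
UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)
OLD = Cert("0A01", "CN=Sample User", datetime(2023, 6, 15, tzinfo=UTC),
           datetime(2024, 6, 15, tzinfo=UTC), "aa11")
NEW = Cert("0B02", "CN=Sample User", datetime(2024, 5, 20, tzinfo=UTC),
           datetime(2025, 5, 20, tzinfo=UTC), "bb22")
DEVICES = {"card-1": {"0B02"}, "phone-1": {"0A01"}}

if __name__ == "__main__":
    print([c.serial for c in due_for_renewal([OLD, NEW], NOW, 30)])
    for line in audit_renewal(OLD, NEW, DEVICES, NOW):
        print(line)
```

Because the original certificate is not revoked, any relying system that must stop trusting the old key before its expiry date needs a separate revocation step.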

Users can collect certificate renewal jobs in the following ways:

Archived and non-archived certificates behave differently, as do devices with managed containers (such as PIV cards) and non-managed devices.

For non-managed devices:

For managed devices:

6.6.1 Credential lifetimes and certificate renewal

The lifetime of the smart card, as configured in the credential profile, may have an effect on your certificate renewals.

Note: There is no automatic process for renewing smart cards like there is for renewing certificates. However, if the certificates expire within the Card Renewal Period window, this triggers a notification that the card holder must request a replacement smart card.

6.6.2 Known issues