Key Manager can be configured to automatically renew service certificates before they expire so the service operations are not interrupted because of certificate expiry. The renewal time can be set to happen a defined number of hours before expiry. At this renewal time ADSS Server sends a certificate signing request (CSR) to the CA (Local or External) who signed the key for the first time.

To use certificate auto renewal  the renewal period time must be entered in this screen:

For X.509 certificate, same public key is certified during the auto renew process and a new key pair is not regenerated.


However, for CV certificates used in E-Passports, a new key-pair will be generated as its a re-key process.

See also

Crypto Source
Key Templates

Service Keys
Certificate Groups
Auto Renew Certificates
Default DName
Alerts