How Do I Renew an Expired Digital Certificate?
by Jackie Lohrey
A digital certificate works much like a physical identification card, such as a driver’s license. A third-party company, or certification authority that specializes in digital security, verifies application information and then issues a digital certificate. The certificate contains information about the applicant and the company issuing the certificate. Digital certificates are valid for a period of one to two years, depending on the certification authority, and require renewal to remain valid. An expired digital certificate will result in loss of protection for both the certificate holder and existing or potential customers.
How It Works
Digital certificates use an encryption system to transform and protect data transmissions. Encryption occurs at the sending site with a public key, and decryption occurs at the receiving site with a private key. An optional timestamp will identify the day and time of issue, ensuring the digital signature is valid, even if the certificate expires. If the certificate authority does not offer timestamping, all digital signatures made using the certificate become invalid after the certificate expiration date.
Any website that requests your personal information should have a valid digital certificate. One indication that the website is secure is the appearance of a dark green bar in the address bar, along with a URL that begins with "https" rather than the traditional "http."
Every digital certificate has an expiration date. Digital certificate renewal and issuance of new keys help to prevent deciphering of key combinations and theft of private information. Approximately 90 days before the expiration date, the certificate holder will receive a notice of expiration, along with information on how to renew and receive a new encryption key. If renewal does not take place within this time frame, the certificate expires and visitors to the website receive a warning message.
Renewing Expired Certificates
Whether renewing before or after the expiration date, the certification authority verifies current information and issues new keys. Some certification authorities have a small window of time within which they will restore the digital certificate without requiring the holder to repeat the initial application process. After this time, renewal requires full “vetting” before the digital certificate can become valid. For example, at Go Daddy the standard policy is a 30-day window for renewal of an expired certificate. After 30 days, the holder must resubmit all information and go through the verification process before Go Daddy will renew the certificate and issue a new key (See References 1). Other certification authorities, such as GlobalSign, require the holder to renew prior to the expiration date or file an application for a new certificate.
If renewing an expired digital certificate within an acceptable window of time, the process can be completed as a normal renewal. Access your user account and follow the renewal instructions. If the certification authority does not allow renewal of expired certificates, you will receive instructions to complete a new application.
The biggest disadvantages to allowing a certificate to expire are potential loss of business and the time it will take to receive a new certificate. Visitors to the website receive a message via a pop-up box stating that verification cannot be completed and their information may not be secure. While visitors have the option to continue regardless of potential security risks, many will choose not to. Renewing a digital certificate is a simple process that can be completed within a few hours and ensures seamless continuation of secure data transmissions. Allowing a digital certificate to expire will require additional time to verify information, adding days to the potential for loss of business.
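The following Python example is added here and is not part of the original article. It classifies certificates against the timelines described above: the roughly 90-day renewal notice and a 30-day post-expiry renewal window. Both window lengths vary by certification authority, and the hostnames and dates in the sample inventory are constructed.

```python
import ssl
from datetime import datetime, timezone

# Thresholds taken from the article; both vary by certification authority.
NOTICE_DAYS = 90  # renewal notice arrives about 90 days before expiry
GRACE_DAYS = 30   # post-expiry renewal window (the Go Daddy policy cited above)


def parse_not_after(not_after):
    """Parse a notAfter value such as 'Jun  1 12:00:00 2025 GMT'.

    This is the format printed by `openssl x509 -noout -enddate` (with a
    'notAfter=' prefix) and returned by ssl.SSLSocket.getpeercert().
    """
    text = not_after.strip()
    if text.startswith("notAfter="):
        text = text[len("notAfter="):]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def renewal_status(not_after, now=None):
    """Return (status, days): days remaining, or days elapsed once expired."""
    now = now or datetime.now(timezone.utc)
    expires = parse_not_after(not_after)
    if now < expires:
        days_left = (expires - now).days
        return ("renew-now" if days_left <= NOTICE_DAYS else "ok"), days_left
    days_past = (now - expires).days
    # Inside the grace window a normal renewal may still work; after it,
    # the holder goes through the full application process again.
    return ("expired-grace" if days_past <= GRACE_DAYS else "expired-reapply"), days_past


def audit(inventory, now=None):
    """Classify every certificate in {name: notAfter}, most urgent first."""
    order = {"expired-reapply": 0, "expired-grace": 1, "renew-now": 2, "ok": 3}
    rows = [(name, *renewal_status(value, now)) for name, value in inventory.items()]
    return sorted(rows, key=lambda row: (order[row[1]], row[2]))


# Constructed sample inventory (hostnames and dates are made up).
SAMPLE = {
    "shop.example.com": "notAfter=Jun  1 12:00:00 2025 GMT",
    "api.example.com": "notAfter=Dec 31 23:59:59 2025 GMT",
    "mail.example.com": "notAfter=Mar  1 00:00:00 2025 GMT",
    "old.example.com": "notAfter=Jan 10 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    fixed_now = datetime(2025, 3, 15, tzinfo=timezone.utc)  # fixed for a repeatable run
    for name, status, days in audit(SAMPLE, fixed_now):
        print(f"{name:20} {status:16} {days:4d} days")
```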