The certificates expire after two years. You need to note when the certificate expires, and ensure you send us the certificate 1 month in advance. If your certificate expires 1st of February, you should have sent the certificate to firstname.lastname@example.org 1st of january.
The key is having visibility and good lines of communication so you can get out ahead of expiration.
- Consider a Certificate Inventory Tool: consider using a tool that locates the SSL Certificates on your internal and private networks. There are some tools available where you can run reports on usage, upcoming renewals, configurations, and issuing CA.
- Expiration notifications: consider sending expiration notifications at set intervals starting at 90 days out. Make sure that you set these reminders to be sent to a distribution list and not just a single individual. The Point-of-Contact you used when getting the certificate issued may not be there by the time it expires.
- Identify communication channels: Identify the proper channels to escalate reminders as the expiry date approaches. For instance, at 90 days out you might want to have the notification sent to your distribution list. At 30 days you send it to both the list and now your IT Manager gets looped in.
- Do a certificate inventory: Do a full scan of both your public and internal networks as it makes you aware of everything you’re working with so you can be prepared for when the certificate ordered is up for renewal.