Skip to main content

Set a keypair expiry date

The keypair expiry workflow enhances crypto agility and improves security. Standard keypairs can now be set to expire on a specific date, upon certificate expiration, or remain non-expiring as before. Setting expiry dates help maintain security, ensures compliance with industry standards, and preserves trust in your code's integrity.

To set an expiry date for a keypair:

  1. Sign in to DigiCert ONE.

  2. Navigate to the Manager menu (top right) > Software Trust.

  3. Select Keypairs.

  4. Click the keypair alias you want to update.

  5. Select the edit icon next to Keypair validity.

  6. Select one of the following options:

    1. Match keypair and certificate expiry dates

      Select to set the keypair's expiry date to the same date that your default certificate for the keypair expires.

      Note

      The keypair will expire at midnight (UTC) of the same day your certificate expires.

    2. Select an expiry date

      Select to set a specific expiry date for your keypair. The keypair will expire at the end of the day you selected, precisely at midnight (UTC).

    3. Never expire

      Select to keep your keypair active until you manually add an expiry date.

  7. Click Update.