ASP certificate rotation

The lifetime of the ASP certificates is limited and depends on the certificate type:

  • The lifetime of the ASP leaf certificate should not be longer than 5 years.
  • The lifetime of the ASP root certificate and of the intermediate certificate should not be longer than 10 years.

Because of their limited lifetime, the certificates should be renewed on a regular basis, before they expire. The process for renewing the certificates involves the following steps:

  1. OneSpan informs the ASP about the upcoming expiry of the ASP certificates, and prompts the ASP to renew the certificates.
  2. The ASP generates a new ASP certificate or certificate chain, and provides it to OneSpan.
  3. OneSpan installs the new certificate chain in the TID platform, but also keeps the current certificate chain active during a grace period.
  4. OneSpan removes the current certificate chain from the TID platform before it expires.
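
The lifetime limits and the renew-before-expiry requirement above can be checked before a chain is handed over in step 2. The following is an added example, not OneSpan or TID platform code: the function name `check_chain`, the sample chain, and the 90-day warning window are assumptions, and the validity dates are expected in the format printed by `openssl x509 -noout -dates`.

```python
import ssl
from datetime import datetime, timezone

# Maximum lifetime in years per certificate role, as stated on this page.
MAX_LIFETIME_YEARS = {"leaf": 5, "intermediate": 10, "root": 10}

# Constructed sample chain (not real certificates): names and dates are illustrative.
SAMPLE_CHAIN = [
    {"name": "asp-root", "role": "root",
     "not_before": "Jan  1 00:00:00 2020 GMT", "not_after": "Jan  1 00:00:00 2030 GMT"},
    {"name": "asp-intermediate", "role": "intermediate",
     "not_before": "Jan  1 00:00:00 2020 GMT", "not_after": "Dec 31 00:00:00 2029 GMT"},
    {"name": "asp-leaf", "role": "leaf",
     "not_before": "Mar  1 00:00:00 2020 GMT", "not_after": "Mar  1 00:00:00 2026 GMT"},
]
SAMPLE_NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)


def _parse(openssl_time):
    """Parse a notBefore/notAfter value as printed by openssl into UTC."""
    seconds = ssl.cert_time_to_seconds(openssl_time)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def _add_years(moment, years):
    """Calendar-aware year addition; 29 February maps to 28 February."""
    try:
        return moment.replace(year=moment.year + years)
    except ValueError:
        return moment.replace(year=moment.year + years, day=28)


def check_chain(chain, now, renew_within_days=90):
    """Return (name, finding) pairs for a chain of certificate validity periods.

    renew_within_days is an assumed warning window, not a value from this page.
    """
    findings = []
    for cert in chain:
        start, end = _parse(cert["not_before"]), _parse(cert["not_after"])
        limit = MAX_LIFETIME_YEARS[cert["role"]]
        if end > _add_years(start, limit):
            findings.append((cert["name"], f"lifetime exceeds {limit} years"))
        if end <= now:
            findings.append((cert["name"], "expired"))
        elif (end - now).days < renew_within_days:
            findings.append((cert["name"], "renewal due"))
    return findings
```

For the constructed sample, `check_chain(SAMPLE_CHAIN, SAMPLE_NOW)` reports the leaf twice: its six-year validity period exceeds the five-year limit, and it expires within the warning window.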