ASP certificate rotation
The lifetime of the ASP certificates is limited and depends on the certificate type:
- The lifetime of the ASP leaf certificate should not be longer than 5 years.
- The lifetime of the ASP root certificate and of the intermediate certificate should not be longer than 10 years.
Because of their limited lifetime, the certificates should be renewed on a regular basis, before they expire. The process for renewing the certificates involves the following steps:
- OneSpan informs the ASP about the upcoming expiry of the ASP certificates, and prompts the ASP to renew the certificates.
- The ASP generates a new ASP certificate or certificate chain, and provides it to OneSpan.
- OneSpan installs the new certificate chain in the TID platform, but also keeps the current certificate chain active during a grace period.
- OneSpan removes the current certificate chain from the TID platform before it expires.
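The lifetime limits and the renew-before-expiry requirement above can be checked on the ASP side ahead of OneSpan's reminder. The following is an added example, not OneSpan tooling: it parses the validity dates printed by `openssl x509 -noout -dates` for each certificate in the chain and flags lifetimes over the stated limits and certificates close to expiry. The role labels, the 90-day renewal lead time, and the sample dates are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Maximum lifetimes stated on this page, in years, per certificate role.
MAX_YEARS = {"leaf": 5, "intermediate": 10, "root": 10}
RENEW_DAYS = 90  # assumption: the page gives no lead time for renewal

def parse_dates(text):
    """Parse the notBefore=/notAfter= lines from `openssl x509 -noout -dates`."""
    fields = dict(l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    def to_dt(value):
        # openssl pads single-digit days with an extra space; normalise first
        dt = datetime.strptime(" ".join(value.split()), "%b %d %H:%M:%S %Y %Z")
        return dt.replace(tzinfo=timezone.utc)
    return to_dt(fields["notBefore"]), to_dt(fields["notAfter"])

def add_years(dt, years):
    try:
        return dt.replace(year=dt.year + years)
    except ValueError:  # 29 Feb mapped onto a non-leap year
        return dt.replace(year=dt.year + years, day=28)

def check_cert(role, dates_text, now, renew_days=RENEW_DAYS):
    """Return findings for one certificate: lifetime over limit, expired, or due."""
    not_before, not_after = parse_dates(dates_text)
    findings = []
    if not_after > add_years(not_before, MAX_YEARS[role]):
        findings.append("lifetime-exceeds-limit")
    if now >= not_after:
        findings.append("expired")
    elif now >= not_after - timedelta(days=renew_days):
        findings.append("renew-now")
    return findings

# Constructed sample chain (not real certificates).
SAMPLE_CHAIN = {
    "root": "notBefore=Jan  1 00:00:00 2020 GMT\nnotAfter=Jan  1 00:00:00 2030 GMT",
    "intermediate": "notBefore=Jan  1 00:00:00 2020 GMT\nnotAfter=Jan  1 00:00:00 2030 GMT",
    "leaf": "notBefore=Mar  1 00:00:00 2021 GMT\nnotAfter=Mar 15 00:00:00 2026 GMT",
}

def check_chain(chain, now):
    """Run check_cert over every certificate of the chain, keyed by role."""
    return {role: check_cert(role, text, now) for role, text in chain.items()}

if __name__ == "__main__":
    for role, findings in check_chain(SAMPLE_CHAIN, datetime.now(timezone.utc)).items():
        print(role, findings or "ok")
```

Run it against the new chain before sending it to OneSpan as well, so a leaf issued with a validity period over the limit is caught before installation.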