Rotating the ASP certificates
The lifetime of the ASP certificates is limited:
- The lifetime of the ASP leaf certificate should be at most 5 years.
- The lifetime of the ASP root, and intermediate certificate should be at most 10 years.
Therefore, the certificates should be renewed on a regular basis, before they expire. The procedure for renewing the certificates involves the following steps:
- OneSpan informs the ASP about the upcoming expiry of the ASP certificates, and the need to renew the certificates.
- The ASP generates a new ASP certificate or certificate chain, and provides it to OneSpan.
- OneSpan installs the new certificate chain in the TID platform, but also keeps the current certificate chain active during a grace period.
- OneSpan removes the current certificate chain from the TID platform prior to expiry.