Extend user certificate
Each certificate has a limited validity period, after which it can no longer be used for signing or encryption. The start and end dates can be viewed in the certificate store of the operating system or the mail software. Certificate owners are responsible for renewing their own certificates before the expiration date has been met.
In principle, the process is exactly the same as when applying for the first user certificate according to the IT Service Centre Instructions (see also DFN-PKI FAQ items 12, 13 and 14). When configuring the e-mail client, make sure that only the new certificate for e-mail signing and encryption is selected, as the old certificate is still available.
The old certificate, including the associated private key, should be kept in the certificate store parallel to the new one for as long as possible. A final deletion from the memory is recommended only if the certificate has already been expired for some time and is no longer needed to decrypt previously received emails (or other files) . After deleting this is no longer possible!