(DC) Managing Certificates
Backup your Certificates
You are responsible for backing up your own certificates. Treat your backups as sensitive data, particularly your signing certificate. Departmental desktop support personnel can help you create backups, but should not keep the backups for you. Refer to procedures for (DC) [Windows] Back Up or Move Digital Certificate and procedures for (DC) [OS X] Export / Back Up Digital Certificates.
Backing up a certificate allows you to:
Move certificates to another computer.
Restore certificates to another or same computer.
Table of Contents
Backup Certificates to Stache
A safe and secure location to backup certificates is . This is a secure service provided by the .
If you have any reason to think that someone has access to your private keys, you should have your certificates revoked and regenerated. See below (Revoking Certificates).
Renewing Certificates
SSL Certificate | 398 days (default is 1-year or 365 days) |
Client Digital Certificate | 3 years |
Visit Digital Certificates to obtain a new certificates. Most certificates require regeneration and can not be "renewed".
DO NOT delete old certificates!
Do not delete old certificate files when you install the new ones. If expired certificates are deleted, content encrypted with the expired certificate will not be accessible. While you will not be able to use those expired certificate to create new signatures or encrypt new information, they are required to access previously signed or encrypted information.
Revoking Certificates
If you lose your computer, if you think that the media for your certificate backup has been accessed by someone other than yourself, or if you have any other reason to think that someone has access to your private keys, you should revoke your certificates.
DO NOT delete old certificates!
Do not delete old certificate files when you install the new ones. If expired certificates are deleted, content encrypted with the expired certificate will not be accessible. While you will not be able to use those expired certificate to create new signatures or encrypt new information, they are required to access previously signed or encrypted information.
SSL Certificate | Contact the help desk, TSC or the ISO for assistance. |
Client Digital Certificate | Click the button below, and log in with your UT EID user name and password. You will see a list of all certificates for which you are enrolled, as well as expired and revoked certificates.
If you are revoking your certificates due to a security breach or stolen or missing computer, please also notify the Information Security Office, if you have not done so already. |