FAQ: Expired S/MIME Certificates

Will I be still able to sign email messages when my S/MIME certificate expires?

If you sign an email message with an expired S/MIME certificate, it will not be trusted by your recipient’s client software. You should renew the certificate and configure your email software to use the replacement before it expires.

Will my old signed email become untrusted when my S/MIME certificate expires?

As long as you signed an email message within the validity period of your S/MIME certificate, your recipient’s email client software should continue to trust it after the certificate itself expires.

Will contacts be able to send me encrypted email when my S/MIME certificate expires?

When your S/MIME certificate expires, your contacts will no longer be able to send you encrypted mail using that certificate. However, if you renew your certificate and send them a signed message, their client software will save the new certificate and use it in the future to encrypt messages sent to you.

Will I be able to read old encrypted email when my S/MIME certificate expires?

Yes, as long as you do not delete your old certificate and private key from the certificate store in your OS or email client software.

Should I delete my expired S/MIME certificate and private key when I renew it?

No. Your old S/MIME certificate and key are required to decrypt and read messages that were encrypted when the certificate was valid, so you should not delete them. You should also export and re-install all past and present S/MIME certificates and private keys associated with an email address when migrating to another system.

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.