Rotating your keys and certificates
When the certificates containing your public keys are due to expire, you must rotate them. If you do not, your users will not be able to access your service using GOV.UK Verify.
Certificate rotations are independent of each other, so you can rotate more than one certificate at the same time. You need to follow a different process for each type of certificate.
As a government service you are responsible for maintaining the encryption and signing keys and certificates for your service provider and Matching Service Adapter (MSA), if you are running one. Your service provider could be the Verify Service Provider (VSP) or another service provider.