Skip to main content
Table of contents

Rotating your keys and certificates

When the certificates containing your public keys are due to expire, you must rotate them. If you do not, your users will not be able to access your service using GOV.UK Verify.

Certificate rotations are independent of each other, so you can rotate more than one certificate at the same time. You need to follow a different process for each type of certificate.

As a government service you are responsible for maintaining the encryption and signing keys and certificates for your service provider and Matching Service Adapter (MSA), if you are running one. Your service provider could be the Verify Service Provider (VSP) or another service provider.

This page was last reviewed on 27 January 2020. It needs to be reviewed again on 27 May 2020 by the page owner #verify-developers .
This page was set to be reviewed before 27 May 2020 by the page owner #verify-developers. This might mean the content is out of date.