Expand my Community achievements bar.

Service Account (JWT) public certificate and a private key pair expiration can be postponed?


Level 3

Hi community, 


as i read through the documentation it seems like it's not possible to postpone the expiration date of the certificate key pairs. 

So the only way it's to replace it? 


Thanks, i wanted to know if there is a way to not replace the cert.


Topics help categorize Community content and increase your ability to discover relevant content.

2 Replies


Level 1

That's correct, typically you cannot extend the expiration date of a Service Account (JWT) public certificate and private key pair. The standard approach is to generate a new pair and replace the old one before it expires to ensure uninterrupted service.



Veera Tech.


Level 3

Hi @Nick_2024 ,


The expiration date of a public certificate and private key pair cannot be postponed. When a certificate is generated, it's issued with a specific validity period, after which it expires. This is a security measure designed to ensure that cryptographic keys are regularly updated, reducing the risk of unauthorized access or compromised security.

Once a certificate has expired, it's no longer considered trustworthy, and systems relying on it may reject connections or transactions. Therefore, the standard practice is to replace the expired certificate with a new one before it expires.

Postponing the expiration date of a certificate defeats the purpose of having expiration dates in the first place and would undermine the security benefits provided by certificate rotation.