Skip to main content
Version: Next

Renew unit certificates

Digital certificates play a critical role in ensuring secure communication between the unit and other systems. They are used to authenticate the unit’s identity, protect data integrity, and establish encrypted connections. Over time, certificates may need to be renewed to maintain trust, comply with security policies, or reflect changes in configuration or ownership.

Managing unit certificates

Once a unit is provisioned, the OEM user gains full access to certificate management functions. This includes the ability to view, generate, and renew certificates associated with the unit.

Click generate

From the unit details interface, the OEM can view a comprehensive list of all certificates currently stored on the device. Each certificate entry includes key metadata such as issue date, expiration date, and certificate number.

When to renew certificates

Although certificates have a long validity period—typically 10 years—there are scenarios where manual renewal may be required:

  • Security policy updates: Organizational policies may mandate periodic renewal regardless of expiration date.
  • System migration: When migrating a unit to a new backend or server infrastructure.
  • Credential rotation: To reduce risk in case of potential private key exposure.
  • Manual override: If the automatic renewal process was interrupted (e.g., the unit was offline for an extended period).
  • Auditing and compliance: To meet regulatory requirements for cryptographic hygiene and lifecycle management.

How renewal works

The renewal process is flexible and can be performed in two ways:

  • Bulk renewal: All certificates on the unit are renewed at once.
  • Individual renewal: Specific certificates can be selected and renewed as needed.

Renewal can be initiated directly from the unit interface by clicking the "Generate" button.

Automatic certificate renewal

By default, each certificate is valid for 10 years. As long as the unit remains online, certificates are automatically renewed prior to their expiration. This ensures continuous operation without user intervention.

If the unit goes offline, automatic renewal is temporarily paused. Once the device reconnects to the network, the system will automatically update the necessary certificates. It’s important to note that each renewal generates a new certificate number, which may be relevant for tracking and audit purposes.