All Products
Search
Document Center

Certificate Management Service:Do I need to redeploy a root certificate after my SSL certificate expires?

Last Updated:Mar 26, 2025

A root certificate is a public key certificate issued by a certificate authority (CA) and is the start of a certificate chain. A root certificate has an independent validity period, which is not affected by the expiration of a chained certificate.

The following list describes when redeployment is required and when it is not required:

  • Redeployment not required

    For specific SSL certificates, root certificates are pre-installed in mainstream web browsers, such as Google Chrome, Mozilla Firefox, and Microsoft Edge, most operating systems, such as Windows and macOS, and mobile devices that run mobile operating systems, such as iOS and Android. When the root certificates expire, the CAs automatically update them.

  • Redeployment required

    For clients that do not have root certificates pre-installed, such as apps, Java clients, browsers of earlier versions, and Internet of Things (IoT) devices, the root certificates may change if you change the brands or types of SSL certificates when re-purchasing the SSL certificates, or when the root certificates of CAs expire. To address this issue for a client, you must manually download the root certificate of the same type as the server certificate and manually install the root certificate to the client.

    For more information, see Download a root certificate.