We noticed in the *oxauth.log* that our oxAuth signing certificates have expired. There is **nothing** in oxTrust about the expiration. This has impaired our production environment, since we cannot use the introspection endpoint with expired certificates.
2020-02-13 16:21:02,551 WARN [qtp804611486-15] [org.xdi.oxauth.model.crypto.AbstractCryptoProvider] (AbstractCryptoProvider.java:219) -
WARNING! Expired Key with alias: 88bd81c3-eb69-428f-a0ea-1ae94728bd5b
Expires On: 2020-02-12 20:19:18
Today's Date: 2020-02-13 16:21:02
We looked at the [Certificate Management documentation](https://gluu.org/docs/ce/3.1.6/admin-guide/certificate/). The /etc/certs directory has both *oxauth-keys.jks* and *oxauth-keys.json* files, but the documentation only briefly references the *oxauth-keys.json* file, but it does not explain this file at all. The documentation also specifies to use the *oxauth-client.jar* tool in order to create keys. No where in the documentation does it tell how we should go about correctly renewing the oxAuth certificates.
There are twelve certificates, with different algorithms. Are we supposed to modify the certificates in both the *oxauth-keys.jks* and the *oxauth-keys.json* files?
What is the documented oxAuth certificate renewal process?