Updating Encryption and Signing Certificates
The public certificates exchanged between you and your trading partner will inevitably expire, at which point new certificates must be exchanged and implemented.
AS2 requires both sides of the partnership to update corresponding certificates at the same time so that communication outages are minimized.
For example, if your certificate is going to expire, your trading partner should apply the new public portion of your certificate at the same time as you apply your updated certificate. If your trading partner's certificate is going to expire, you should apply their public certificate at the same time as they apply their updated certificate.
You do not need to update your own certificates when a trading partner's certificate expires, and vice versa. You only need to update and exchange the corresponding portions of the expiring certificate.
When the certificate associated with your AS2 Identity expires, you will need to exchange the public portion of your new certificate with every trading partner connected to that AS2 Identity.
When a trading partner's certificate expires, you will need to import the new public portion of their certificate into the Trading Partner configuration that corresponds to the trading partner.
You and your trading partner should coordinate before a certificate expires and plan a mutually agreed-upon change window in which to apply the updated certificates.
If a test/dev site is available to you, any certificate changes should be tested and verified on the AS2 configuration of your test/dev site before you apply them to your production site. You can also use a test/dev AS2 partnership connection, where you and your trading partner have agreed upon test/dev AS2 Identities for testing purposes.
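The rules above for who must act when a certificate expires can be turned into a rollover plan that is reviewed ahead of each change window. The following is an added example, not part of the original page or of any AS2 product: the inventory, the AS2 Identity and partner names, the dates and the 45-day lead time are all constructed assumptions.

```python
from datetime import date, timedelta

# Constructed inventory (sample values): each AS2 Identity certificate with the
# partners connected to it, and each partner's public certificate expiry date.
IDENTITIES = {
    "ACME-PROD": {"not_after": date(2025, 3, 1), "partners": ["NORTHWIND", "GLOBEX"]},
    "ACME-EU": {"not_after": date(2026, 9, 15), "partners": ["INITECH"]},
}
PARTNER_CERTS = {
    "NORTHWIND": date(2025, 2, 20),
    "GLOBEX": date(2027, 1, 10),
    "INITECH": date(2025, 8, 30),
}

def plan_rollovers(identities, partner_certs, today, lead_days=45):
    """List certificates expiring within lead_days, soonest first, with the actions each needs."""
    cutoff = today + timedelta(days=lead_days)
    plan = []
    # Your own certificate: every partner connected to that AS2 Identity needs the
    # new public portion, applied in the same window as your updated certificate.
    for name, ident in identities.items():
        if ident["not_after"] <= cutoff:
            actions = [f"send new public certificate to {p}" for p in sorted(ident["partners"])]
            actions.append(f"apply updated certificate to AS2 Identity {name} in the agreed window")
            plan.append({"owner": name, "kind": "identity",
                         "days_left": (ident["not_after"] - today).days, "actions": actions})
    # A partner's certificate: only that partner's configuration changes;
    # your own certificates are left alone.
    for name, not_after in partner_certs.items():
        if not_after <= cutoff:
            plan.append({"owner": name, "kind": "partner",
                         "days_left": (not_after - today).days,
                         "actions": [f"import new public certificate into Trading Partner "
                                     f"configuration {name} in the agreed window"]})
    return sorted(plan, key=lambda item: (item["days_left"], item["owner"]))

if __name__ == "__main__":
    for item in plan_rollovers(IDENTITIES, PARTNER_CERTS, today=date(2025, 1, 20)):
        state = "EXPIRED" if item["days_left"] < 0 else f"{item['days_left']} days left"
        print(f"{item['owner']} ({item['kind']}, {state})")
        for action in item["actions"]:
            print(f"  - {action}")
```

A negative `days_left` marks a certificate that has already expired, which sorts to the top of the plan.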