Patent attributes
Certain aspects and features provide an automated process for a server switching from an existing digital certificate that is expired or about to expire to a new digital certificate signed by a trusted certificate authority (CA). During initiation of an encrypted communication session, for example, during a transport layer security (TLS) handshake, upon receiving a client hello message, the server determines whether it is using a renewable digital certificate. If so, the server automatically creates and sends a certificate signing request; receives a new, CA-signed digital certificate; and replaces the existing digital certificate in its key store with the new digital certificate. The server then includes the new digital certificate in the server hello message sent back to the client to establish the encrypted communication session.
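The renewal steps described above, sketched with the `openssl` command line as an added example; it is not code from the patent or its authors. The lab CA, the subject name `server.example.test`, the file names in the key store directory, the 7-day renewal window and the 90-day validity are all constructed assumptions.

```shell
#!/bin/sh
# Added example: expiry check -> CSR -> CA-signed cert -> key store replacement.
# All names, paths and lifetimes below are constructed for illustration.

RENEW_WINDOW=604800   # seconds; a cert expiring within 7 days counts as renewable

# Constructed stand-in for the trusted CA: writes ca.key / ca.crt into directory $1.
make_lab_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Constructed Lab CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Constructed CA operation: sign CSR $2 with the CA in $1 for $4 days, write cert to $3.
ca_sign() {
  openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -days "$4" -out "$3" 2>/dev/null
}

# Exit 0 when the cert in key store $1 is missing, expired or expires inside the window.
needs_renewal() {
  ! openssl x509 -in "$1/server.crt" -noout -checkend "$RENEW_WINDOW" >/dev/null 2>&1
}

# Server side: new key + CSR, CA signs, result is checked, then the store entry is replaced.
# $1 = key store dir, $2 = CA dir, $3 = validity in days requested for the new cert.
renew() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$1/server.key.new" -out "$1/server.csr" 2>/dev/null || return 1
  ca_sign "$2" "$1/server.csr" "$1/server.crt.new" "$3" || return 1
  # Install only a cert that chains to the trusted CA and carries the key just generated.
  openssl verify -CAfile "$2/ca.crt" "$1/server.crt.new" >/dev/null 2>&1 || return 1
  want=$(openssl pkey -in "$1/server.key.new" -pubout 2>/dev/null)
  got=$(openssl x509 -in "$1/server.crt.new" -noout -pubkey 2>/dev/null)
  [ -n "$want" ] && [ "$want" = "$got" ] || return 1
  # Each mv is a rename inside one directory, so no half-written file is ever visible.
  mv "$1/server.key.new" "$1/server.key" && mv "$1/server.crt.new" "$1/server.crt"
}

# What a server would run on each client hello before building its server hello.
# Prints the path of the certificate to present; a failed renewal keeps the old one.
select_certificate() {
  if needs_renewal "$1"; then
    renew "$1" "$2" 90 || echo "renewal failed, keeping existing certificate" >&2
  fi
  echo "$1/server.crt"
}
```

Because the check runs inside the handshake, a slow or unreachable CA delays that client; the fallback branch in `select_certificate` keeps serving the existing certificate when the renewal step fails.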