The service periodically (with configured interval) connects to the configured peer system using a Peer Connector and checks the expiration of visible, usable and enabled Internal Key Bindings' certificates. For renewal to work, the issuing CA has to be usable on the system where this service is running and the same end entity that was used to issue the previous certificate must still exist.
- Time before certificate expires: How long before the current bound certificate expires it should be renewed.
- Renew key pair: Option to renew the key pair automatically before issuing a new certificate.