When your certificate nears its expiration date, you will get email notifications of the impending expiration starting 30 days prior. To be on the safe side, we recommend that systems and/or application administrators monitor their services for SSL certificate expiration as well.
We recommend requesting a new certificate before your old certificate expires. A new certificate will have a different private key than the old certificate, which provides another layer of protection against attempts to break the encryption. To learn more, and request another certificate, see the SSL Certificate Learning Map.
If you need to revoke a certificate (e.g. if you have replaced a cert that was on a heartbleed-vulnerable server), you can use the InCommon Certificate Service revocation form. The fields you need to enter should be included in the email you received when the cert was issued. If that doesn't work, or you no longer have the issuance email, you can send email to firstname.lastname@example.org with the certificate Common Name (server name) and some means of identifying the specific certificate to revoke, such as Order Number, expiration date, or certificate serial number.