Hi.
By this article
We insert a new certificate and remove the old one.
But doing so, won't the old data created be unable to decrypt now?
So must we first decrypt the data in another location and then insert it again using the new certificate?
That seems like a lot of work.
Also I've read that the certificate will work even expired? Is that true?thanks.
Of course you can use a certificate that expires in 100 years but that kind removes the point of data protection rotation.