I understand the purpose of rotating certificates. It is security.
But I wonder if a rotated certificate can decrypt a value that was encrypted before the rotation?
If not, does "rotation-software" help you with decrypting and reencrypting all the current encrypted values you have?
Regards Hans
It depends on one thing - did you change the public and private keys when you rotated the cert?
Remember, a cert is just a host for a public key, or more accurately, a way to bind an identity (CN=foo.com) to a public key.
When you roll a cert, you have an option: do you roll the keys as well or do you just re-issue a new cert with the same key?
If you roll the keys, then no, you can no longer use the new cert to perform crypto operations on data manipulated by the old cert.
If you just reissue the cert and don't roll the keys, then you're ok.
I hope that helps.