The Windows installers and screenshot applet need up to date certificates. We use 2-year certificates. For supportability purposes we should start using 3 or 4 year certificates. To ensure we're always up to date we should be pro-actively updating these on a semi regular basis, although because the signatures are often stamped with a timestamp server even when the certificates expire they should still appear as trusted.

The CSR's can take a while to come through once we put in requests to IT and our certificate provider, so this should be done in late 2015 so that we:

• have time to request tickets from IT and incorporate them
• our product continues to be trusted, and in the case of the applet work, for some period after release.

The current round of certificates expire in late 2016. See JRA-35664.

Once you've done this task, create another one with similar parameters to be started in a year and finished in 18 months. Hooray!