If you sign an email message with an expired S/MIME certificate, it will not be trusted by your recipient’s client software. You should renew the certificate and configure your email software to use the replacement before it expires.
As long as you signed an email message within the validity period of your S/MIME certificate, your recipient’s email client software should continue to trust it after the certificate itself expires.
When your S/MIME certificate expires, your contacts will no longer be able to send you encrypted mail using that certificate. However, if you renew your certificate and send them a signed message, their client software will save the new certificate and use it in the future to encrypt messages sent to you.
Yes, as long as you do not delete your old certificate and private key from the certificate store in your OS or email client software.
No. Your old S/MIME certificate and key are required to decrypt and read messages that were encrypted when the certificate was valid, so you should not delete them. You should also export and re-install all past and present S/MIME certificates and private keys associated with an email address when migrating to another system.
