There are keyrings that have expired certificates on them.
When can I remove expired keyring certificates? Will it cause failures or just keep working? Will jobs fail if I remove them from the keyring after they expire if they are still usable?
Expired certificates will not cause a problem if left on the keyring. Digital certificates can be used to encrypt data or tapes. So if you remove the certificate that was used too soon after it has expired, you will get a job failure. So you need to determine if your shop has used digital certificates in that way before removing them. If you have, when will the data be de-encrypted next? After that time, the new cert will be used to encrypt the data and the old cert can be removed.