The self-signed certificates created in the versions 8.0 to 8.1 had a validity of 1 year. But in Version 8.2, the certificates are issued with a validity of 9999 years and therefore they do not actually expire. If you want to replace an expired certificate, you should first update to the latest version. Further information you can find in the assistance: http://help.passwordsafe.de/v8/1/en/topic/updates
The actual change of the certificate is carried out via the basic configuration, which can be called up in the login window of the Admin Client.
In the basic configuration, the expert mode is activated first.
With the corresponding icon you can simply create a new certificate.
Then a new self-signed certificate must be rolled out to the individual clients or installed there.
The above can also be used to switch to a certificate from a local CA.
Further information on these topics you can find in the assistance: