The default behaviour is changed so that certificates (both TIBCO Spotfire Server and Node Manager) are renewed if less than half of the certificate's validity period remains. For existing certificates (which, assuming the default configuration, have a validity of one year) this means that it's sufficient to restart the Spotfire Server or Node Manager once every six months to ensure that it always has a valid certificate. The default certificate validity is also prolonged from one to two years, so for new certificates it will be sufficient to restart once a year.

Configuring validity time can be done with the settings in configuration.xml:
security.ca.validity-period-end-entity-certs  -- default is now 730, earlier it was set to 365
​​​​​​security.ca.validity-period-ca-certs  -- default is 3650

Where end-entity is for Spotfire Server / Node Manager.
These two settings do only affect new certificates, so if you want these changes to valid for older certificates as well you have to first un-trust the Nodes or run the reset-trust command from command line.

To edit configuration.xml export the active configuration, edit in the XML file directly and then import again.
Documentation of how to edit configuration:
https://docs.tibco.com/pub/spotfire_server/10.3.4/doc/html/TIB_sfire_server_tsas_admin_help/GUID-C584A115-D1A5-4940-904F-C9A9E8F4F425.html

Example of how you could configure this using command line:

set-config-prop -n "security.ca.validity-period-end-entity-certs" -v "desired value"