Systems and methods to rotate security assets used to for secure communications are disclosed. The system includes receiving a first certificate that includes a first subject name for the remote servers. The first certificate further includes a first public key. Next, the system receives a second certificate that includes the first subject name for the remote servers. The second certificate further includes a second public key that is different from the first public key. Next, the system stores the first and second certificates in a trust module. Next, the system receive a third certificate from a first server included in the plurality of remote servers. Next, the system identifies the first server is trusted. The identifying is based on the third certificate matching any one of the first certificate and the second certificate. Finally, the system establishes a secure communication session with the first server based on the identifying the first server is trusted.