You can validate signature signed with the expired certificate at the signing time (preference in the Signature Validation Preferences). Since it is a self-signed certificate you need to trust it directly, so there are no issues with the revocation checking.
I appreciate your reply but am not sure i understand your response. Do we need to keep the old expired certificates as well as the new certificate they created to replace the expired ID?
You need to keep the old expired certificates in Trusted Idetities (wiht public keys only) to be able to validate signatures signed with these certificates at the signing time (time when the signature was created). You do not need to keep expired certificates with private keys.which are password-protected files on your computer (or in Windows certificate store or Mac keychain).
Okay - I think I understand. So it sounds like we are able to keep two public keys in our trusted Identities for one person. The public key for the expired Id and the public key for the new ID.