By default, the default keyring is referenced and used for the following.
1. HTTPS Management Console
To remove it, go to Services-Management Services->HTTPS Console->Edit and change the default keyring from there to the new one
2. SSL Proxy
To change this, Proxy Settings->SSL Proxy->Change the Issuer keyring to the new keyring
3. Proxy Client Manager
To modify this, Clients->General->Client Manager and change the keyring to the new one
4. If you have any SSL Intercept Action object, you need to remove/change it from there as well.
Once the default keyring is expired, it's reference can be removed from the above configuration area with a new keyring but default Keyring can not deleted from the appliance. Only performing factory default on the proxy will generate new default keyring.