Desktop Email Encryption

We're currently using PGP Desktop 10.1.2, PGP SDK 4.0.1. Every year we check to make sure this software is still FIPS 140-2 compliant. Can anyone point me to where I can find a certificate showing this version is compliant with FIPS 140-2?

The below article confirms certifications for the 2010 module:

http://www.symantec.com/docs/TECH164126

While the links inside the article can show the latest, using:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

With the latest cert being:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140crt/FIPS140ConsolidatedCertJuly2016.pdf

I'd highly recommend you upgrade your software though.  The verson you've mentioned was released on 7th April 2011, and has had many updates made to it since then.  Current version of Symantec Encryption Desktop is now 10.4, more details below:

https://support.symantec.com/en_US/encryption-desktop.html

http://www.symantec.com/docs/TECH235036

http://www.symantec.com/docs/HOWTO83900

I'm not seeing 4.0.1 listed. Also, do any of these certificates ever expire? 

I'll leave you to search through and locate a certified version applicable to your SDK version.  As far as expiry goes, this is more a question for the certification body and not Symantec.  That said, a quick Google came up with:

http://csrc.nist.gov/groups/STM/cmvp/documents/CMVPFAQ.pdf

Just search in there for "Does the validation certificate of a cryptographic module expire"

Just came across this article as it goes:

http://www.symantec.com/docs/TECH149193

I can't see your version of the SDK in there, and so would recommend you grab the latest instead:

https://www.symantec.com/connect/downloads/pgp-sdk