Microsoft warns against deleting Microsoft root certificates that expire this month

by ·

The Microsoft Root Authority certificate, issued on January 10, 1997, will expire at the end of this month. In a blink of an eye, the certificate has been in operation for 23 years.

Under normal circumstances, the digital signature certificate may be unusable after it expires, but the expiration of this kind of root certificate will not affect it in the Windows system.

In fact, if the user manually deletes these expired root certificates, it will have an impact, which may cause various abnormalities in the system due to lack of certificates.

The reason is that Microsoft needs to rely on these expired certificates for backward compatibility. If deleted, some core components of the system will not function properly and cause malfunctions.

According to Microsoft’s instructions, as part of the trust management process of the basic organization of the convention, some administrators may periodically delete expired root certificates from the system.

However, some root certificates are necessary for the operation of the system. Do not delete them even if they have expired. Otherwise, they will affect system functions or cause computer failure.

Although some certificates have expired, these certificates are necessary for backward compatibility. As long as the certificates are not revoked, you can continue to verify certain content.

The specific content here refers to the content that has been signed before the certificate expires. For example, some software certificates expire early but can still be used for this reason.

In theory, expired certificates cannot be used to verify the content signed after the expiration date, but many components are not updated in time and rely on expired digital certificates.

There are currently 3 necessaries and trusted certificates in Windows 7, in Windows Vista, in Windows Server 2008 R2, and in Windows Server 2008

These certificates will expire in 2020. Microsoft Root Authority and Thawte Timestamping CA certificate will expire on December 31, 2020.

The trusted root certificates that will expire on May 9, 2021, are the Microsoft Root Certificate Authority, which is all system-dependent certificates.

The above three root certificates are key certificates that the system relies on. Users must not delete them. Once deleted, they will affect the system and may cause it to fail to run.

Via: borncity

Tags: