14 DAY TRIAL // Microsoft has issued a warning regarding expired Windows certificates, explaining users should let them on the device because they are required for backward compatibility.
What’s more, Microsoft explains that deleting such a certificate could eventually break down the operating, making it impossible to boot.
This normally concerns older versions of Windows, and Windows 10 isn’t included in the list of operating systems where certificates could cause issues.
“As part of a public key infrastructure (PKI) trust management procedure, some administrators may decide to remove trusted root certificates from a Windows-based domain, a Windows-based server, or a Windows-based client. However, the root certificates that are listed in the Necessary and trusted root certificates section in this article are required for the operating system to operate correctly. Because removal of the following certificates may limit functionality of the operating system or may cause the computer to fail, you should not remove them,” Microsoft explains.
Expired certificates required for backward compatibility
The company explains that even if a certificate is expired, the operating system still uses it for backward compatibility, as they can perform checks for files signed before the expiration date.
“Some certificates that are listed in the previous tables have expired. However, these certificates are necessary for backward compatibility. Even if there is an expired trusted root certificate, anything that was signed by using that certificate before the expiration date requires that the trusted root certificate is validated. As long as expired certificates are not revoked, they can be used to validate anything that was signed before their expiration,” the company says.
More information can be found on the page linked in this article. The aforementioned information, however, concerns Windows 7, Windows Vista, Windows XP, and older Windows Server operating systems, according to Microsoft.