![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello, shellzbelle
Welcome to Microsoft Community.
When trying to turn on app security to protect from unwanted apps being vulnerable etc, I get a windows certificate box that comes up asking Do you want to allow this app to make changes to your device? Windows Security/Verified Publisher: Microsoft Windows Publisher- If I click on show more details, then click show information of certificate, it shows me valid 8/8/2023 - 8/4/2024. Which is expired. So of course I click NO to not allow it to make changes. Why is this happening?
Certificates have a set validity period, after which they expire. This is a standard security practice to ensure that certificates are regularly updated and re-validated. When a certificate expires, it needs to be renewed or replaced with a new one.
It’s unlikely that you did anything specific to cause the CA root certificate to expire. Certificates are issued with an expiration date from the start. Here are a few reasons why you might be encountering this issue now:
Time Passed: The certificate simply reached its expiration date.
System Updates: Sometimes, system updates or changes in security policies can highlight expired or untrusted certificates that were previously unnoticed.
Software Changes: Installing or updating software (like security apps) might prompt your system to check the validity of certificates more rigorously.
If I do a Windows /R open: certmgr.msc / certificates- current user /personal/certificates. I have one that comes up, if I double click on this , it says as follows: This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities store. Valid from 9/6/24 to 9/6/2025 You have a private key that corresponds to this certificate. Friendly name: Microsoft to Phone.
What does this mean?
This message indicates that the certificate you have is not currently trusted by your system. Here’s a breakdown of what each part means:
- CA Root Certificate Not Trusted: This means that the certificate authority (CA) that issued this certificate is not recognized as a trusted source by your system. To make it trusted, you need to install it in the Trusted Root Certification Authorities store.
- Validity Period: The certificate is valid from 9/6/2024 to 9/6/2025. This means it is currently valid and not expired.
- Private Key: You have a private key that corresponds to this certificate. This is important for encryption and secure communication, as the private key is used to decrypt information that was encrypted with the corresponding public key.
- Friendly Name: “Microsoft to Phone” is just a label to help you identify the certificate.
Next, right-click on the certificate and select All Tasks > Export.
Follow the wizard to export the certificate to a file.
Go to Certificates - Current User > Trusted Root Certification Authorities > Certificates.
Right-click on Certificates and select All Tasks > Import.
Follow the wizard to import the certificate file you exported earlier.
If you need further assistance with the steps to install the certificate or have any other questions, feel free to ask!
Yuhao L
Microsoft Community Technical Support