If those expired certificates aren't revoked , they can still be used to validate anything signed before their expiration. If not you can delete them
Please don't forget to mark helpful answer as accepted
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi, I have three expired certificates installed in the Trusted Root Certificate Authorities/Certificates:
but those three certificates are part of Microsoft Trusted Root Program with NotBefore status (certificate status: [https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT). There are no applications that use those certificates.
My question: Are those certificates safe to be deleted?
Thank you
If those expired certificates aren't revoked , they can still be used to validate anything signed before their expiration. If not you can delete them
Please don't forget to mark helpful answer as accepted
Elaborating the original question
So yea it sounds like this certificate is still active, SO AGAIN WHAT THE HELL IS IT?
I think we get that expired certificates are for backwards compatibility, and while everyone seems to say "it can only effect anything before expiration date." Do we know this to be absolutely true?
This Microsoft forum NEEDS to do a better job of informing the user instead of saying. uhhhh yea don't delete that or follow this link for information. THE URL SAYS "LEARN.MICROSOFT.COM so teach, by informing........
THANK YOU!
Hello there,
Once the certificate expires it is no longer valid. Therefore, once a certificate expires you can safely remove it from the CA database. The one exception to this is if have Key Archival configured on the CA. If you are archiving private keys, you may not want to remove expired CA certificates from the CA database.
Note: Backup the CA including the database and log files prior to deleting any certificates from the database.
For more information ,you can refer to the following link:
Following script for your reference: https://gallery.technet.microsoft.com/scriptcenter/Script-to-delete-expired-8fcfcf48
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer--
Hello there,
Once the certificate expires it is no longer valid. Therefore, once a certificate expires you can safely remove it from the CA database. The one exception to this is if have Key Archival configured on the CA. If you are archiving private keys, you may not want to remove expired CA certificates from the CA database.
Note: Backup the CA including the database and log files prior to deleting any certificates from the database.
For more information ,you can refer to the following link:
Following script for your reference: https://gallery.technet.microsoft.com/scriptcenter/Script-to-delete-expired-8fcfcf48
Hope this resolves your Query !!
--If the reply is helpful, please Upvote and Accept it as an answer--