Microsoft has issued a warning for expired Windows certificates, explaining that users should leave them on the device because they are required for its operation (backward compatibility).
In addition, Microsoft explains that deleting such a certificate could interrupt the operation, making it impossible to boot the system.
This usually applies to older versions of Windows as Windows 10 is not included in the list of operating systems that certificates could cause problems with.
As part of a public key infrastructure trust process (PKI from public key infrastructure), some administrators may decide to remove trusted root certificates from a Windows-based domain, a Windows-based server, or a Windows-based client. However, the root certificates listed in the Essentials section are required for the operating system to function properly. "Removing the following certificates may limit the functionality of the operating system or cause the computer to fail to start," you should not remove them.
The company says that even if a certificate has expired, the operating system uses it for compatibility with older versions, as it checks for files that have been signed before the expiration date.
"Some certificates have expired. However, these certificates are required for backward compatibility. "Even if there is an expired root certificate, anything signed using that certificate before the expiration date requires validation by a root certificate."
More information you can find in the post of Microsoft. However, the above information applies to Windows 7, Windows Vista, Windows XP, and older Windows Server operating systems.