Microsoft released a warning about their certificates Windows that have expired, explaining that users should leave them on the device because they are required for its operation (backwards compatibility).
In addition, Microsoft explains that deleting such a certificate could interrupt the operation, making it impossible to boot the system.
This usually applies to older versions of Windows as Windows 10 is not included in the list of operating systems that certificates could cause problems with.
"As part of a procedureof public key infrastructure (PKI from public key infrastructure), some administrators may decide to remove trusted root certificates from a domain based on Windows, a Windows-based server, or a Windows-based client. However, the root certificates listed in the Prerequisites section are required for the operating system to function properly. Because removing the following certificates may limit the functionality of the operating system or cause it to fail to boot computer, you should not remove them”.
The company says that even if a certificate has expired, the operating system uses it for compatibility with older versions, as it checks for files that have been signed before the expiration date.
"Some certificates have expired. However, these certificates are required for backward compatibility. "Even if there is an expired root certificate, anything signed using that certificate before the expiration date requires validation by a root certificate."
More information you can find in the post of Microsoft. However, the above information applies to Windows 7, Windows Vista, Windows XP, and older Windows Server operating systems.
