Two important Microsoft certificates tied to Secure Boot are set to expire later this week, marking a significant milestone for UEFI firmware management. The first certificate, identified as the Microsoft Corporation KEK CA 2011, reaches its expiration date on June 24, 2026. Just three days later, on June 27, 2026, the second certificate, known as the Microsoft UEFI CA 2011, will also expire.
Will your computer stop booting?
Despite the expiration dates, your Windows PC should continue to function normally. The expiration of these specific certificates does not trigger an immediate failure for most existing systems. Life goes on, and the operating system remains stable because the firmware validation process relies on a chain of trust that includes newer, non-expired certificates alongside these older ones.
For the vast majority of users running Windows 10 or Windows 11, this event is transparent. You will not see error messages, and your system will not refuse to start up simply because these specific 2011-era keys have reached their end-of-life date.
What this means for you
If you are an everyday user, there is no action required on your part. Microsoft designed the UEFI Secure Boot infrastructure to handle certificate rotations and expirations without disrupting daily usage. Your device’s firmware likely already contains updated keys that validate the operating system independently of these specific expired certificates.
However, if you are an IT professional managing a large fleet of devices or working with legacy hardware that has not received firmware updates in many years, it is worth verifying your UEFI settings. Ensure that your systems have access to the latest Microsoft platform keys and key exchange keys to maintain a robust security posture.
This expiration is part of the standard lifecycle management for digital certificates used in hardware security. While the headlines might suggest a crisis, the technical reality is that this is a routine maintenance event for the underlying security infrastructure of Windows PCs.
Source: AskWoody
Over to you: Have you noticed any changes in your PC’s startup behavior since the recent certificate updates?
