none
Expired Microsoft Timestamp Root Certificate RRS feed

  • Question

  • Hi,

    Out organization has Server 2012R2 Domain Controllers. We have been been getting dinged by Retina scans for some expired Certificates, among them  Microsoft Timestamp Root, and Microsoft Authenticode(tm) Root. Some of them expired in 1999. Can these certificates be renewed or deleted without breaking something?

    Thanks.

    Tuesday, October 16, 2018 6:16 PM

All replies

  • Does anyone out there have any ideas?????
    Friday, October 19, 2018 12:01 PM
  • Question was raised long time ago, but let me answer for those who may looking for that.

    Here you will see why You have those certificates on your servers:
    https: // support.microsoft.com/en-au/help/293781/trusted-root-certificates-that-are-required-by-windows-server-2008-r2

    So in general they should not be removed as per Microsoft's recommendation.
    But let me tell you something - I'm removing them from servers managed by me, and it never caused any issues. The reason why I do this is that quite often I need to investigate some certificate issues, sometimes I use CAPI2 logs for that. Any expired certificate in root container causes additional errors in those logs, what makes them more difficult to read.

    And come on, it expired 20 years ago, what on our servers really needs to be compatible with 20 years old services...?
    Thursday, January 31, 2019 6:28 PM