Deze website gebruikt cookies. Klik op Accepteren om akkoord te gaan met het cookie-gebruik van onze website, zoals wordt beschreven in ons Privacy-beleid. Klik op Voorkeuren om uw cookie-instellingen aan te passen.
FAQs about the expiration of Windows Secure Boot certificates
Microsoft is replacing the Secure Boot certificates (CAs) used in many Windows systems since 2011 because they will gradually expire starting in June 2026 (others by October 2026 at the latest). To ensure that Secure Boot continues to receive updates and can trust new boot components, affected devices must be migrated to 2023 certificates.
What is Secure Boot?
Secure Boot ensures that only signed and trusted software is executed during system startup. If the certificate expires and no update is available, systems may:
no longer boot
block certain operating systems, boot loaders, or drivers.
Which systems are affected?
Potentially affected are:
Windows systems (Windows 10, Windows 11, and server versions)
Linux distributions and other operating systems that use Secure Boot
Microsoft provides new secure boot certificates (new UEFI CA) and distributes them via:
Windows Updates
Firmware / UEFI updates from device manufacturers (OEMs)
The old and new certificates will run in parallel for a period of time to ensure a smooth transition.
⚠️Note⚠️ A BIOS / firmware update for your notebook may not be absolutely necessary. And if it is, the corresponding update will be received automatically via Windows Update by then.
What is recommended for the end user?
The update process is largely automatic, but make sure,
that Secure Boot is enabled.
that you are using one of the supported Windows operating systems in the latest version.
that you have enabled the installation of Windows updates in the system settings.
(en-gb) ▼ 
Klick hier, um diese Seite auf Deutsch zu lesen
Click here to read this page in English
Cliquez ici pour lire cette page en français
Klik hier om deze pagina in het Nederlands te lezen
