By Jess Weatherbed
Publication Date: 2026-02-10 17:00:00
Microsoft is automatically replacing boot-level security certificates on Windows devices before they start expiring later this year. The new Secure Boot certificates will be rolled out as part of the regular Windows platform updates, according to Microsoft’s announcement blog, marking a “generational refresh” of the security standard.
Secure Boot was introduced in 2011 to protect systems from any unauthorized changes during the boot process, later becoming one of Windows 11’s hardware requirements. After 15 years, those 2011 Secure Boot certificates are now set to expire between June 2026 and October 2026. A new batch of certificates was issued in 2023 and already shipped with many new Windows-based devices sold since 2024, but older PC hardware will need to be updated.
“As cryptographic security evolves, certificates and keys must be periodically refreshed to maintain strong protection,” Microsoft’s Nuno Costa said in the announcement blog. “Retiring old certificates…
