You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
certificate migration
About this tag
Certificate migration on WindowsForum.com covers the operational and security challenges of moving from legacy certificate authorities to updated trust anchors. Recent discussions focus on Microsoft's coordinated refresh of UEFI Secure Boot certificates, where the 2011 CA family expires in mid-2026, and IT teams are using Intune Remediations to monitor endpoint readiness. Another active thread covers Sectigo's migration to single-purpose public roots for TLS, S/MIME, and code signing, emphasizing the need to update certificate chains before support ends. These threads highlight certificate migration as a critical infrastructure task involving firmware trust, PKI lifecycle management, and proactive endpoint visibility.
Microsoft listed CVE-2026-8863 on June 9, 2026, as a UEFI Secure Boot security feature bypass vulnerability in its Security Update Guide, with the public entry emphasizing confidence in the vulnerability’s existence rather than publishing deep technical exploitation details. That distinction...
Microsoft’s coordinated refresh of UEFI Secure Boot certificates has moved from advisory to operational urgency, and the monitoring-only approach using Microsoft Intune Remediations gives IT teams a non-invasive, exportable way to track which Windows endpoints have received the replacement 2023...
Sectigo’s migration to single‑purpose public roots is no longer an abstract industry update — it’s an active, time‑bound infrastructure change that requires immediate attention from anyone who runs TLS, S/MIME, or code‑signing certificates issued by Sectigo. The vendor has already begun issuing...