Windows updates released on and after February 13, 2024 include the ability to apply the Windows UEFI CA 2023 certificate to UEFI Secure Boot Allowed Signature Database (DB). Updating the DB will enable devices to receive future boot loader updates that are included in monthly updates.

For example: Domain joined, Non-Domain joined, Enterprise Certificate Authority, and Standalone Certificate Authority. Workaround. To recover from this issue, restart the computer. Active Directory Certificate Services is automatically started after the computer reboots. Status.

Certificate errors occur when there's a problem with a certificate or a web server's use of the certificate. Internet Explorer helps keep your information more secure by warning about certificate errors.

Fixes an issue in which you cannot modify the security settings of a certificate template even after you are delegated the full control permission for the template. The issue occurs on a computer that is running Windows Server 2008 R2 or Windows 7.

Resolution. The workaround is to uppercase all requester name strings passed as restrictions on the Certutil command line. For example, instead of using this command: certutil -view –restrict "RequesterName=contoso\twt"Use this command: certutil -view –restrict "RequesterName=contoso\TWT"

Summary. As described in Microsoft to use SHA-2 exclusively starting May 9, 2021, beginning May 9, 2021 at 4:00 PM Pacific Time, all major Microsoft processes and services—including TLS certificates, code signing and file hashing—will use the SHA-2 algorithm exclusively. How to verify your software is SHA-2 signed.

Cause. This issue occurs because of an error in the BITS service. When the BITS service receives an "ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED" error, and no client certificate is provided, the service does not set the WINHTTP_NO_CLIENT_CERT_CONTEXT option. Therefore, the download attempt fails.

To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate. Cause This issue occurs because the locally cached Certificate Revocation List (CRL) is expired and the OSCP responder is offline.

Cause. This issue occurs because NDES does not support the GetCACaps operation. Resolution. Hotfix information. A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article.

Summary. Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To learn more about the vulnerability, see Microsoft security advisory (4010323): SHA-1 deprecation for SSL/TLS certificates.