AFAIK, those are certificates generated by the installation and updates of the Azure AD Connect Health agent.
It uses only the latest one and renew automatically every 6 months I believe.
In any cases, it is safe to remove the one which have expired and even the one which have been superseded by a more recent one (even if it hasn't expire).
Hope this helps!
ADFS Multiple certificates from "Microsoft PolicyKeyService Certificate Authority"
Recently I start receiving that certificates on our ADFS server are about to expire.
So first I looked in the ADFS management console, Service, Certificates.
But all certificates like Service Communications, Token-decrypting and Token-signing are up-to-date.
So I start looking at the local certificate store, to find out all the certificates are all issued by CN=Microsoft PolicyKeyService Certificate Authority.
And there are a lot of them!
When I searched the web I did found out that they have something to do with the Health service. There are just a few similar cases, but none of them answer my questions, hopefully they will be answered here.
- Is there an option to renew them manually to get rid of the expiration warning events?
- Why are there so many certificates?
- Is it safe to remove them once they expire?
I hope somebody can help me on this issue.
1 answer
Sort by: Most helpful
-
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
2022-04-29T00:37:09.207+00:00