This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 13%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Recently I start receiving that certificates on our ADFS server are about to expire.
So first I looked in the ADFS management console, Service, Certificates.
But all certificates like Service Communications, Token-decrypting and Token-signing are up-to-date.
So I start looking at the local certificate store, to find out all the certificates are all issued by CN=Microsoft PolicyKeyService Certificate Authority.
And there are a lot of them!
When I searched the web I did found out that they have something to do with the Health service. There are just a few similar cases, but none of them answer my questions, hopefully they will be answered here.
I hope somebody can help me on this issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 90%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
No one? I have the same question.
AFAIK, those are certificates generated by the installation and updates of the Azure AD Connect Health agent.
It uses only the latest one and renew automatically every 6 months I believe.
In any cases, it is safe to remove the one which have expired and even the one which have been superseded by a more recent one (even if it hasn't expire).
Hope this helps!