Q: How to check Windows’ Secure Boot Certificate

Windows 11 Logo

In June 2026, the security certificate for Secure Boot will expire on many computers. These certificates should be replaced either through your computer manufacturer’s updates or via Windows Update. The new certificates were issued in 2023. If your computer does not receive the new certificate before the old one expires, it will still boot. However, you will miss out on future boot-level security protections.

How to Check Secure Boot Certificates

  1. Open PowerShell with Admin Rights
    1. Press Windows key on your keyboard
    2. Type PowerShell or Windows Terminal
    3. Right-click the app and choose Run as administrator.
  2. Run the Certificate Status Check

    In the window you opened, paste:

    ([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')
  3. Read the Output
    • True – New 2023 Secure Boot certificate is installed
    • False – Only older certificates are present (update needed)

Check Default & Active Certificate for Secure Boot

Within Powershell run:

([System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI dbdefault).bytes) -match 'Windows UEFI CA 2023')

Result will either True or False. True means new certificate is the default or current certificate.

Source: Ars Technica.

Last updated on

Comments

Be the first to comment on this Article

Leave a Comment

Kindly comment in English only. Spam will be removed.

Support Options

On Premise Support

Need help in your home or office? No problem, we can come to you!

Learn More

Remote Support

Do you need assistants, but your too busy? Then Remote Support is the Best Option!

Learn More

Get Help Online

Need help right now? Then the forums are the best place for immediate help.

FAQs

More FAQs »

Polls

How often do you replace your primary computer?

View Results

Loading ... Loading ...

Resources