Question
Friday, December 1, 2017 9:54 PM
I saw some warnings in my computer's event log about certificates either expired or about to expire. I opened the certificate MMC and looked in the Personal certificates area, which has, I estimate, about 50 certificates. Of those, all but 5 are expired and 3 of those are due to expire tomorrow.
Those 3 and all the ones already expired were issued in 2017 by MS-Organization-P2P-Access [2017]. The "Issued To" name appears identical for all of them and consists of a long combination of numbers and letters in the format of ab0c1def-2g34-5h6i-j7k8-l9m01n2opq34. The stated intended purpose in the MMC is Server Authentication. There is no friendly name.
They appear to have expired in groups of 3 to 5 on any given date starting in mid-November and continuing up through today.
Any idea what these might be and if it's okay to delete them?
Thanks,
Jonathan
All replies (7)
Thursday, December 7, 2017 1:32 PM ✅Answered | 2 votes
Hi,
I discussed this with AD certificate support to get more information, and reached the conclusion below.
The P2P certificate is one that is pushed down by Azure AD during authentication of the user on the device, for the purpose of supporting remote desktop connectivity to another Azure AD joined device (peer-to-peer). The target device will authenticate this certificate against Azure AD before the remote connection is established. The expiration date of the certificate is 24 hours; thus, you can safely ignore them.
Regards,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Saturday, December 2, 2017 11:46 PM
You receive a certificate warning from AD FS when you try to sign in to Office 365, Azure, or Intune
S.Sengupta, Microsoft MVP Windows and Devices for IT, Windows Insider MVP
Monday, December 4, 2017 9:46 AM
Hi Jonathan,
It depends on what the certificates were used for. If only computer authentication, it's probably OK to clean them out, but if they were used to encrypt stuff that's still around (e.g. EFS), then you'll not want to throw away your keys to that data.
Revoking is essentially useless as the certificates are expired. Revocation is for time-valid certificates that must be terminated prior to their expiration date. It is technically possible to delete expired certificates, but just make sure you will never want to check if they were issued in the past. Once they are deleted, they are gone.
Also, here is some information about certificates in Event Viewer.
https://technet.microsoft.com/en-us/library/cc774595%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Hope it will be helpful to you
Monday, December 4, 2017 2:55 PM
Could the certificates that have the long name and have 3-5 issued every day be from Azure? My laptop is joined to my company's Azure organization and tied to O365, not to a domain.
If that's the case then I understand why they're there although they're really going to inflate my certificate store with 3-5 being created every day and it doesn't appear any old ones are getting deleted.
Jonathan
Tuesday, December 5, 2017 12:47 PM
Hi Jonathan,
Based on my check, these event log entries could occur when you sign in to O365. Check the link below.
Certificate isn't time valid.
Service-name mismatch.
Certificate wasn't issued by a trusted root certification authority (CA).
Certificates are used in Azure for cloud services (service certificates) and for authenticating with the management API.
Certificates used in Azure are X.509 v3 certificates and can be signed by another trusted certificate or they can be self-signed. A self-signed certificate is signed by its own creator, therefore it is not trusted by default. Most browsers can ignore this problem.
More information about certificate in Azure for O365.
/en-us/azure/active-directory/connect/active-directory-aadconnect-o365-certs
Regards,
Wednesday, December 6, 2017 2:10 PM
Unfortunately I don't believe that article applies in my case. I don't receive any certificate warning in my browser. There are warnings in the Application log about a certificate expired or about to expire but I never see anything in the browser.
This very well could be related to Azure and so I'm going to leave it at that. I'll keep an eye on the certificate store and see how full it gets of these certificates that look like they're good for only one day and 3-5 of them appear every day.
Thanks,
Jonathan
Thursday, December 7, 2017 2:08 PM
Thank you! That answers my question.
Jonathan
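
To check the accepted answer and the December 4 caution about EFS keys against your own machine, here is an added example (not part of the thread and not Microsoft tooling): a read-only PowerShell inventory of the Personal stores. It assumes the issuer name contains the string quoted in the question, scans both the current-user and local-machine Personal stores, and deletes nothing.

```powershell
# Added example: read-only report on the Personal certificate stores.
# Assumption: the issuer string is the one quoted in the question.
$issuerPattern = '*MS-Organization-P2P-Access*'
$efsOid        = '1.3.6.1.4.1.311.10.3.4'   # Encrypting File System EKU
$now           = Get-Date

$report = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    foreach ($cert in Get-ChildItem -Path $store -ErrorAction SilentlyContinue) {
        # Collect EKU OIDs; drop nulls so an empty list really counts as empty.
        $ekuOids = @($cert.EnhancedKeyUsageList | Where-Object { $_ } |
                     ForEach-Object { $_.ObjectId })
        [pscustomobject]@{
            Store          = $store
            Subject        = $cert.Subject
            IsP2P          = $cert.Issuer -like $issuerPattern
            IssuedOn       = $cert.NotBefore.ToString('yyyy-MM-dd')
            LifetimeHours  = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalHours, 1)
            Expired        = $cert.NotAfter -lt $now
            HasPrivateKey  = $cert.HasPrivateKey
            # No EKU extension means "all purposes", which includes EFS.
            MayProtectData = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $efsOid)
            EKU            = ($cert.EnhancedKeyUsageList.FriendlyName -join ', ')
            Thumbprint     = $cert.Thumbprint
        }
    }
}

# 1. How many P2P certificates exist, and how many are already expired?
$p2p = @($report | Where-Object { $_.IsP2P })
'P2P certificates: {0} total, {1} expired' -f $p2p.Count,
    @($p2p | Where-Object { $_.Expired }).Count

# 2. Validity period and issuance rate, to compare with the thread
#    (24-hour lifetime, 3-5 issued per day).
$p2p | Group-Object LifetimeHours | Select-Object Name, Count |
    Format-Table -AutoSize
$p2p | Group-Object IssuedOn | Sort-Object Name | Select-Object Name, Count |
    Format-Table -AutoSize

# 3. Expired certificates that are NOT P2P and whose private key may still
#    protect encrypted data (e.g. EFS): these should be kept.
$report | Where-Object {
        -not $_.IsP2P -and $_.Expired -and $_.HasPrivateKey -and $_.MayProtectData
    } | Format-Table Store, Subject, EKU, Thumbprint -AutoSize
```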