Secure Boot Certificates Update Process
(Field Notes)

Secure Boot Certificates Update Process (Field Notes)

This guide helps you get through Microsoft’s 2011 → 2023 Secure Boot certificate update (expiring starting June 2026) in real IT environments—especially Windows Server, where you typically need manual initiation and troubleshooting.

It’s written as field notes from testing and troubleshooting (not a vendor playbook), including a VMware VM scenario where the process can fail at the KEK step.

What you’ll get

✔ Step-by-step field notes (PDF)

How to initiate the update on Windows Server

What can go wrong (and what to check first)

Manual enrollment paths if you hit firmware/VM issues

Monitoring + quick validation (events, task, registry)

✔ PowerShell helper script (by André Estêvão)

A simple script to help you check status / prerequisites and make verification faster across systems.

Who it’s for

Windows admins / security engineers who want to avoid trial-and-error and have a practical reference before touching production.