Hello,
Thank you so much for posting here.
According to our description, every time when we add a server to the domain, there will be 2 expired certificates appearing in the Intermediate CA store. For example:
As mentioned, the expired certificates are Cross CA and Root CA.
Firstly, we need to figure out how the computers get the certificates. If automatically, we could have a check by running “gpresult /h” to get a detailed group policy result report, then check if there is any GPO for the computers to get the certificates.
Besides, we could have a check of the expired certificate and make sure that they are not Root CA certificate and Intermediate CA certificate. What I mean here is that the expired certificates could be issued by Root CA and Intermediate CA.
For any question, please feel free to contact us.
Best regards,
Hannah Xiong