Outdated or corrupted certificate data.Incorrectly configured AD CS enrollment settings.Device clock or system time not synchronized with the CA's time zone.

How do I fix: Method 2: Synchronize Device Clock?

Step 1: Ensure the device's clock is synchronized with the CA's time zone.Step 2: Verify that the system time is accurate and reflects the correct date and time.

How do I fix: Method 3: Re-enroll Device?

Step 1: Go to the AD CS enrollment settings and select 'Re-enroll' or 'Update Enrollment'.Step 2: Follow the prompts to re-enroll the device with a new certificate.

Software⏱️ 3 min read📅 2026-05-26

How to Fix: AD CS enrollment expired or invalid date issue

Q: Step-by-Step Verified FixesMethod 1: Update Certificate Data?

Step 1: Check the certificate data for any signs of corruption or outdated information.Step 2: Verify that the CA's expiration date is correctly set and synchronized with the device's clock.Step 3: Update the AD CS enrollment settings to ensure the correct certificate data is used.

AD CS enrollment issue resolved by updating Windows and enabling automatic date updates for certificates.

📋 Table of Contents

⚠️ Common Causes
🛠️ Step-by-Step Verified Fixes
💡 Conclusion

The error 'The date in the certificate is invalid or has expired. 0x80072f05 Error_WINHTTP_SECURE_CERT_DATE_INVALID' occurs when the AD CS enrollment process fails to validate the certificate's expiration date. This issue can arise due to a variety of reasons, including:

⚠️ Common Causes

Outdated or corrupted certificate data.
Incorrectly configured AD CS enrollment settings.
Device clock or system time not synchronized with the CA's time zone.

🛠️ Step-by-Step Verified Fixes

Method 1: Update Certificate Data

Step 1: Check the certificate data for any signs of corruption or outdated information.
Step 2: Verify that the CA's expiration date is correctly set and synchronized with the device's clock.
Step 3: Update the AD CS enrollment settings to ensure the correct certificate data is used.

Method 2: Synchronize Device Clock

Step 1: Ensure the device's clock is synchronized with the CA's time zone.
Step 2: Verify that the system time is accurate and reflects the correct date and time.

Method 3: Re-enroll Device

Step 1: Go to the AD CS enrollment settings and select 'Re-enroll' or 'Update Enrollment'.
Step 2: Follow the prompts to re-enroll the device with a new certificate.

💡 Conclusion

By following these steps and verifying that the AD CS enrollment settings are correctly configured, you should be able to resolve the 'The date in the certificate is invalid or has expired' error. If the issue persists, it may be necessary to contact your CA for further assistance.

Did this fix your problem?

If not, try searching for specific error codes.

🔍 Search Error Database

❓ Frequently Asked Questions

🛠️ Related Fixes

How to Fix: Pc crashes shortly after launching game (rainbow

Pc crashes shortly after launching game, possible cause: outdated grap

How to Fix: Installing an APK on a locked down phone

Installing an APK on a locked down phone: Try using a rooted device, e

How to Fix: FPS drops

FPS drops in games can be caused by high system resource usage, outdat