{"id":831,"date":"2026-04-14T07:18:57","date_gmt":"2026-04-14T05:18:57","guid":{"rendered":"https:\/\/digitalmaterial.ch\/blog\/?p=831"},"modified":"2026-04-14T07:18:57","modified_gmt":"2026-04-14T05:18:57","slug":"windows-secure-boot-certificate-renewal-in-june-2026","status":"publish","type":"post","link":"https:\/\/digitalmaterial.ch\/blog\/windows-secure-boot-certificate-renewal-in-june-2026\/","title":{"rendered":"Windows Secure Boot Certificate renewal in June 2026"},"content":{"rendered":"\n<p>With the renewal of the Secure Boot Certificate in Windows in June 2026, a major milestore regarding endpoint security is coming up. Three crucial certificates are about to expire this June and October:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Microsoft UEFI CA 2011: June 2026<\/li>\n\n\n\n<li>Microsoft Corporation KEK CA 2011: June 2026<\/li>\n\n\n\n<li>Microsoft Windows Production PCA 2011: October 2026<\/li>\n<\/ul>\n\n\n\n<p>This is documented in Microsoft&#8217;s KB 5062710 at <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e\">Windows Secure Boot certificate expiration and CA updates<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"765\" height=\"457\" src=\"https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/03\/image-10.png\" alt=\"\" class=\"wp-image-834\" srcset=\"https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/03\/image-10.png 765w, https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/03\/image-10-300x179.png 300w\" sizes=\"auto, (max-width: 765px) 100vw, 765px\" \/><\/figure>\n\n\n\n<p>As this is an important update, and it sounds like quite a lot can go wrong if the renewal does not work properly, it is important to understand that devices will still be able to boot, even with an old certificate.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Devices that haven\u2019t received the newer 2023 certificates <strong>will continue to start and operate normally, and standard Windows updates will continue to install.<\/strong> However, these devices will no longer be able to receive new security protections for the early boot process, including updates to Windows Boot Manager, Secure Boot databases, revocation lists, or mitigations for newly discovered boot level vulnerabilities.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">How the certificates should be renewed<\/h2>\n\n\n\n<p>First its important on how the Keys depend on each other and what they are used to.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>PK (Platform Key)<\/strong> \u2013 owned by the OEM; root of trust<\/li>\n\n\n\n<li><strong>KEK (Key Exchange Key)<\/strong> \u2013 allows updates to DB\/DBX<\/li>\n\n\n\n<li><strong>DB (Allowed Signature Database)<\/strong> \u2013 trusted boot signers<\/li>\n\n\n\n<li><strong>DBX (Revocation Database)<\/strong> \u2013 revoked \/ blocked signers<\/li>\n<\/ul>\n\n\n\n<p>This should all happen automatically, given certain requirements:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Secure Boot must be <strong>enabled<\/strong><\/li>\n\n\n\n<li>Device must be <strong>UEFI (not Legacy BIOS)<\/strong><\/li>\n\n\n\n<li>Firmware must support <strong>runtime Secure Boot variable updates<\/strong><\/li>\n<\/ul>\n\n\n\n<p>If firmware is not compatible, Windows intentionally does nothing to avoid bricking the system.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Given, that the system fulfills those requirements, Windows will update the device:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The new Secure Boot certificates are delivered <strong>inside normal cumulative updates<\/strong><br>This is also noted in the KBs (eg <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/march-10-2026-kb5079473-os-builds-26200-8037-and-26100-8037-9c222a8e-cc02-40d4-a1f8-ad86be1bc8b6\">March 10, 2026\u2014KB5079473<\/a>) as an improvement.<\/li>\n\n\n\n<li>No separate \u201cSecure Boot update\u201d is visible to the user<\/li>\n\n\n\n<li>Rollout is <strong>phased and telemetry\u2011gated<\/strong>, not simultaneous worldwide.<\/li>\n<\/ul>\n\n\n\n<p>At this stage:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Certificates exist inside Windows<\/li>\n\n\n\n<li>Nothing has been written to firmware yet<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Windows then checks if the Firmware responds to Secure Boot variable writes and evaluates previous boot health signals (TPM, BitLocker, boot success)<\/h3>\n\n\n\n<p>If any check fails, Windows <strong>defers the update silently<\/strong>. This is why two identical models may behave differently.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Once cleared:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Windows uses the existing <strong>Microsoft KEK (2011)<\/strong> to authorize:\n<ul class=\"wp-block-list\">\n<li>Adding <strong>Windows UEFI CA 2023<\/strong> to <strong>DB<\/strong><\/li>\n\n\n\n<li>Adding new <strong>KEK 2023<\/strong> entries<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Firmware stores these in non\u2011volatile UEFI variables<\/li>\n<\/ul>\n\n\n\n<p>This step <strong>requires a reboot<\/strong>, but the reboot may not be explicitly labeled as \u201cSecure Boot update.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">As a final step, a verification will be done and after the reboot the following should be true:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Secure Boot trust chain now includes <strong>both 2011 and 2023 CAs<\/strong><\/li>\n\n\n\n<li>Boot Manager can be validated by either CA<\/li>\n\n\n\n<li>Future boot components will be signed <strong>only with 2023 CA<\/strong><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How to check the certificates<\/h2>\n\n\n\n<p>Even though this does (or should?) not affect the immediate functionality of the device, it&#8217;s still important to have the new certificate from 2023 on all devices. There are a few possibilities to check if a device has been upgraded.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The UEFI DB<\/h3>\n\n\n\n<p>The first thing we can do is to check if the new certificate has already be written to the Database. As mentioned above, this does not indicate whether the devices already boots from a boot boot manager signed with the new certificate, it&#8217;s still a good first check to do. This returns either true or false.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#D4D4D4;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>(&#91;System.Text.Encoding&#93;::ASCII.GetString((Get-SecureBootUEFI db).bytes) -match 'Windows UEFI CA 2023')<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #D4D4D4\">(&#91;<\/span><span style=\"color: #569CD6\">System.Text.Encoding<\/span><span style=\"color: #D4D4D4\">&#93;::ASCII.GetString((<\/span><span style=\"color: #DCDCAA\">Get-SecureBootUEFI<\/span><span style=\"color: #D4D4D4\"> db).bytes) -match <\/span><span style=\"color: #CE9178\">&#39;Windows UEFI CA 2023&#39;<\/span><span style=\"color: #D4D4D4\">)<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">The local registry<\/h3>\n\n\n\n<p>One possibility is to check the local registry at <code>KEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing<\/code>. All The Keys and Values are documented by Microsoft: <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/registry-key-updates-for-secure-boot-windows-devices-with-it-managed-updates-a7be69c9-4634-42e1-9ca1-df06f43f360d\">Registry key updates for Secure Boot: Windows devices with IT-managed updates &#8211; Microsoft Support<\/a>.<\/p>\n\n\n\n<p>You can look out for a value named <code>UEFICA2023Status<\/code> which should be set to <code>Updated<\/code>. If the Certificate is not yet updated, this value can be <code>NotStarted<\/code> or <code>InProgress<\/code>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"835\" height=\"175\" src=\"https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/03\/image-9.png\" alt=\"\" class=\"wp-image-832\" srcset=\"https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/03\/image-9.png 835w, https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/03\/image-9-300x63.png 300w, https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/03\/image-9-768x161.png 768w\" sizes=\"auto, (max-width: 835px) 100vw, 835px\" \/><\/figure>\n\n\n\n<p>Of course, this can also be checked with PowerShell if it needs to be automated.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro cbp-has-line-numbers\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;--cbp-line-number-color:#D4D4D4;--cbp-line-number-width:calc(1 * 0.6 * .875rem);line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span role=\"button\" tabindex=\"0\" style=\"color:#D4D4D4;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly>Get-ItemPropertyValue `\n    -Path \"HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing\" `\n    -Name \"UEFICA2023Status\"<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki dark-plus\" style=\"background-color: #1E1E1E\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color: #DCDCAA\">Get-ItemPropertyValue<\/span><span style=\"color: #D4D4D4\"> `<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    -Path <\/span><span style=\"color: #CE9178\">&quot;HKLM:\\SYSTEM\\CurrentControlSet\\Control\\SecureBoot\\Servicing&quot;<\/span><span style=\"color: #D4D4D4\"> `<\/span><\/span>\n<span class=\"line\"><span style=\"color: #D4D4D4\">    -Name <\/span><span style=\"color: #CE9178\">&quot;UEFICA2023Status&quot;<\/span><\/span><\/code><\/pre><\/div>\n\n\n\n<p>the most important key this is the <code>WindowsUEFICA2023Capable<\/code> which can have three states. We are ultimately looking for a value of <strong>two <\/strong>in the end.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>0<\/strong> \u2013 or key does not exist &#8211; \u201cWindows UEFI CA 2023\u201d certificate is not in the DB<\/li>\n\n\n\n<li><strong>1<\/strong> &#8211; &#171;Windows UEFI CA 2023&#187; certificate is in the DB<\/li>\n\n\n\n<li><strong>2<\/strong> &#8211; &#171;Windows UEFI CA 2023&#187; certificate is in the DB and the system is starting from the 2023 signed boot manager \u200b\u200b\u200b\u200b<\/li>\n<\/ul>\n\n\n\n<p>As mentioned above, the Certificates will be rolled out in phases and Windows checks multiple signals. It puts each device in a bucket with an assigned Confidence Level. Measuring how confident Windows is, that the Update will succeed.<\/p>\n\n\n\n<p><code>ConfidenceLevel<\/code><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>High Confidence: <\/strong>Devices in this group have demonstrated, through observed data, that they can successfully update firmware using the new Secure Boot certificates.<\/li>\n\n\n\n<li><strong>Temporarily Paused: <\/strong>Devices in this group are affected by a known issue. To reduce risk, Secure Boot certificate updates are temporarily paused while Microsoft and partners work toward a supported resolution. This may require a firmware update. Look for an <code>1802<\/code> event for more details.<\/li>\n\n\n\n<li><strong>Not Supported \u2013 Known Limitation:<\/strong> Devices in this group do not support the automated Secure Boot certificate update path due to hardware or firmware limitations. No supported automatic resolution is currently available for this configuration.<\/li>\n\n\n\n<li><strong>Under Observation &#8211; More Data Needed:<\/strong> Devices in this group are not currently blocked, but there is not yet enough data to classify them as high confidence. Secure Boot certificate updates may be deferred until sufficient data is available.<\/li>\n\n\n\n<li><strong>No Data Observed &#8211; Action Required: <\/strong>Microsoft has not observed this device in Secure Boot update data. As a result, automatic certificate updates cannot be evaluated for this device, and administrator action is likely required. For guidance, see: https:\/\/aka.ms\/SecureBootStatus.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Use Microsoft Intune<\/h3>\n\n\n\n<p>Intune also provides a built in Report showing whether the Devices are using Secure Boot and if the Certificate is already deployed. You can find the report under Reports -&gt; Windows quality updates -&gt; Reports -&gt; Secure Boot status. <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"207\" src=\"https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/04\/image-1024x207.png\" alt=\"\" class=\"wp-image-896\" srcset=\"https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/04\/image-1024x207.png 1024w, https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/04\/image-300x61.png 300w, https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/04\/image-768x155.png 768w, https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/04\/image-1536x310.png 1536w, https:\/\/digitalmaterial.ch\/blog\/wp-content\/uploads\/2026\/04\/image.png 1584w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Make sure, you have enabled <a href=\"https:\/\/learn.microsoft.com\/en-us\/intune\/privacy\/enable-windows-diagnostic-data\">Windows diagnostic data<\/a> and <a href=\"https:\/\/learn.microsoft.com\/en-us\/intune\/endpoint-analytics\/configure?pivots=intune\">Endpoint Analytics<\/a>. And as always in Intune, it takes a few days for the Report to be updated.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Remediation<\/h2>\n\n\n\n<p>As mentioned, this is managed by Microsoft in phases and the updates are rolled out with the normal Cumulative Updates. But there are still a few thing we can do remediate the issues.<\/p>\n\n\n\n<p>First, its always good practice to <strong>upgrade the firmware<\/strong> of the affected devices and make sure that the UEFI is on the latest version available from the Vendor.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Check the event log with the UEFICA2023ErrorEvent code<\/h3>\n\n\n\n<p>You can also check the Value of the <code>UEFICA2023ErrorEvent<\/code> in the registry and search for those Events in the Event Viewer for additional information.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Trigger the update manually<\/h3>\n\n\n\n<p><strong>Important:<\/strong> This should be done as a last step if it is not done automatically. And make sure you have your Bitlocker Keys safely stored.<\/p>\n\n\n\n<p>There are multiple steps you need to take to trigger a the rollout of the new certificates.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Set the registry key <code>MicrosoftUpdateManagedOptIn<\/code> in <code>HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Secureboot<\/code> to <code>0x5944<\/code>.<br>This will skip the telemetry checks from Windows and should then trigger an update.<br>This is described here: <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/windows-itpro-blog\/act-now-secure-boot-certificates-expire-in-june-2026\/4426856\">Secure Boot certificates expire in June 2026 &#8211; Windows IT Pro Blog<\/a><\/li>\n\n\n\n<li>Wait: Now you will need to wait for the next CU to run and update the certificates. This may take more than 30 days, so be patient.<\/li>\n\n\n\n<li>Fallback: Above steps should change the <code>UEFI2023Status<\/code> to <code>InProgress<\/code> and <code>WindowsUEFICA2023Capable<\/code> to <strong>1<\/strong>. If this does not happen, there are two possibilities:\n<ul class=\"wp-block-list\">\n<li>Run <code>WinCsFlags.exe \/apply --key \"F33E0C8E002\"<\/code>. This will force deploy the Secure Boot Certificates (<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-configuration-system-wincs-apis-for-secure-boot-d3e64aa0-6095-4f8a-b8e4-fbfda254a8fe\">Windows Configuration System (WinCS) APIs for Secure Boot &#8211; Microsoft Support<\/a>)<\/li>\n\n\n\n<li>If above does not work, we can fall back to the Scheduled Task <code>Secure-Boot-Update<\/code>.\n<ul class=\"wp-block-list\">\n<li>Set the Registry Key: <code>AvailableUpdates<\/code>&nbsp;to <code>0x40<\/code> and run the Scheduled Task <code>\\Microsoft\\Windows\\PI\\Secure-Boot-Update<\/code>. This will then push the certificate into the store.<\/li>\n\n\n\n<li>Set the Registry Key: <code>AvailableUpdates<\/code>&nbsp;to <code>0x100<\/code> and run the same Task again. This will then Update the boot manager.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>After above steps the <code>WindowsUEFICA2023Capable<\/code> should show a value of <strong>1<\/strong>, meaning that the Certificate is in the Database.<\/li>\n\n\n\n<li>Reboot the Device: The Device now needs a full reboot to boot from the the signed boot loader. Be carefull with features like Hotpatch and Fastboot.<\/li>\n\n\n\n<li>Verify <code>WindowsUEFICA2023Capable<\/code>. In the end the Value should change to <strong>2<\/strong>.<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\">Remediate using Intune<\/h3>\n\n\n\n<p>When using Intune, you may want to have a look at the great Script from Mindcore:  <a href=\"https:\/\/blog.mindcore.dk\/2026\/04\/secure-boot-certificate-update-intune\/\">Secure Boot Certificate Update &#8211; Making It Happen with Intune Remediations &#8211; Mindcore Techblog<\/a>.<\/p>\n\n\n\n<p>The Script is using Remediation Scripts to run above steps. If you don&#8217;t have remediation scrtipts available becaus of missing E*-Licenses there are some workarounds of course.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>While the renwal of the Certificate is a thing that should happen automatically, most managed by Windows, we all know Microsoft well enough. It is definitely worth checking the status of devices to ensure the certificates have been renewed.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the renewal of the Secure Boot Certificate in Windows in June 2026, a major milestore regarding endpoint security is coming up. Three crucial certificates are about to expire this June and October: This is documented in Microsoft&#8217;s KB 5062710 at Windows Secure Boot certificate expiration and CA updates As this is an important update, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":845,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[73,90,87,89,88],"class_list":["post-831","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-endpoint-management","tag-certificate","tag-endpoint","tag-secureboot","tag-uefi","tag-windows"],"_links":{"self":[{"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/posts\/831","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/comments?post=831"}],"version-history":[{"count":33,"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/posts\/831\/revisions"}],"predecessor-version":[{"id":900,"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/posts\/831\/revisions\/900"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/media\/845"}],"wp:attachment":[{"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/media?parent=831"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/categories?post=831"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/digitalmaterial.ch\/blog\/wp-json\/wp\/v2\/tags?post=831"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}