Microsoft Site Warning: Certificate Expiry Causes Issues

A lapse in Microsoft’s certificate management practices led to a domain, critical for system administrators worldwide testing Microsoft 365 connectivity, generating untrusted connection warnings in web browsers beginning Monday.

The connectivity.office.com domain a widely relied-upon tool for IT professionals to verify their network’s connectivity to Microsoft 365 and confirm that firewalls aren’t silently blocking critical Microsoft services, is now displaying a NET::ERR_CERT_DATE_INVALID error in Chromium-based browsers.

The certificate, issued by Microsoft Azure RSA TLS Issuing CA 07, expired on Sunday, June 14, 2026, at 08:38:02 UTC, having last been renewed on December 16, 2025, meaning it carried only a six-month validity window that Microsoft failed to renew in time.

The certificate viewer confirms the domain is owned by Microsoft Corporation, with the TLS certificate having a SHA-256 fingerprint of c52ca2abaffcb192ef02ff7c131504d32b0311024c4ec7f8a439c44f17347baa.

An SSL server report retrieved Monday confirmed the lapse, showing the certificate was valid for exactly 180 days before expiring without renewal. The browser warning explicitly states: “This server could not prove that it is connectivity.office.com; its security certificate expired 2 days ago.”

The connectivity.office.com domain is specifically designed to help enterprise IT teams and network engineers diagnose Microsoft 365 connectivity issues — testing whether firewalls, proxies, or network appliances are interfering with traffic to Microsoft servers.

With the certificate now expired, browsers flag the site as untrusted, and any automated tooling or scripts relying on HTTPS connections to this endpoint may fail silently or throw certificate validation errors, breaking diagnostic workflows.

Organizations that use this endpoint in network health checks or onboarding verification scripts are directly affected.

This incident is particularly embarrassing given Microsoft’s concurrent push around certificate hygiene; the company is actively urging enterprise customers to renew aging 2011-era Secure Boot certificates ahead of their own June–October 2026 expiry schedule.

Allowing a publicly facing, IT-critical domain’s TLS certificate to lapse contrasts with that guidance. Certificate lifecycle management failures are among the most preventable security misconfigurations, and automated renewal systems, which Microsoft itself promotes through Azure, exist precisely to prevent such lapses.

Microsoft has not yet issued a public statement regarding the expired certificate as of the time of writing. The company is expected to renew the certificate imminently, given the affected domain’s operational visibility.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.