Windows secure boot certificate, how is this...

\[rant I guess\] The last couple of weeks I have been trying to get our physical and virtual servers updated. I am just wondering who in the world decided to keep a certificate for secure boot alive for 15 years and not update this in the meantime so it would be updated during normal hardware/os replacements. So now a couple of months before the first one expires we have to update our servers. I have servers that have the new Windows UEFI CA 2023 installed, Microsoft UEFI CA 2023 and Microsoft C