First published on TECHNET on Jan 18, 2009
Today I want to comment on the quite popular Microsoft Knowledge Base article How to decommission a Windows enterprise certification authority and how to remove all related obj... I am referring to version 6.0 of the article, with a review date of November 18th, 2008. Be aware that the article has documentation bugs that need to be fixed. Until we publish a corrected version, consider the following information when applying the steps from the article.
certutil -ds -v NtAuthCertificates
With enterprise administrator permissions you can use the following command to delete certificates from within the NTAuthCertificates store:
certutil -viewdelstore "ldap:///CN=NtAuthCertificates,CN=Public Key Services,...,DC=...,DC=com?base?cACertificate"
The -viewdelstore verb invokes the certificate selection UI on the set of certificates in the specified attribute. You can view certificate details, and cancel out of the selection dialog to make no change. If you select a certificate, it will be deleted when the UI closes and the command completes execution.
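Because -viewdelstore deletes the selected certificate as soon as the dialog closes, it helps to record what the attribute holds first. The following PowerShell function is an added example, not part of the KB article or of this post: it reads the cACertificate values without modifying them, lists subject, thumbprint and expiry, and optionally saves each certificate as a .cer file. It assumes a domain-joined machine and the default location of the object under CN=Services in the configuration partition; the function name and the -BackupDirectory parameter are hypothetical.

```powershell
# Added example: read-only inventory of NTAuthCertificates.
# Assumption: the object is at its default DN below CN=Services in the
# forest's configuration partition (the partition DN is read from RootDSE).
function Get-NtAuthCertificate {
    param(
        # Optional existing folder; each certificate is saved there as <thumbprint>.cer
        [string]$BackupDirectory
    )

    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNC = [string]$rootDse.psbase.Properties['configurationNamingContext'].Value
    $entry    = [ADSI]"LDAP://CN=NTAuthCertificates,CN=Public Key Services,CN=Services,$configNC"

    if ($BackupDirectory) {
        # Resolve to a full path because .NET file APIs ignore the PowerShell location
        $BackupDirectory = (Resolve-Path -LiteralPath $BackupDirectory).ProviderPath
    }

    # cACertificate is multi-valued; each value is one DER-encoded certificate
    foreach ($raw in $entry.psbase.Properties['cACertificate']) {
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 (,[byte[]]$raw)

        if ($BackupDirectory) {
            $file = Join-Path $BackupDirectory "$($cert.Thumbprint).cer"
            [System.IO.File]::WriteAllBytes($file, $cert.RawData)
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            Expired    = $cert.NotAfter -lt (Get-Date)
        }
    }
}

# List the certificates and keep a copy of each one in the current folder
Get-NtAuthCertificate -BackupDirectory . | Sort-Object NotAfter | Format-List
```

Compare the thumbprint of the decommissioned CA's certificate with this list before selecting anything in the dialog. A certificate removed by mistake can be republished from its saved file with certutil -dspublish -f <file> NTAuthCA.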
To clean up the NTAuthCertificates store, you can also use the PKIview MMC snap-in. It is part of the Windows Server 2003 Resource Kit Tools and the Microsoft Remote Server Administration Tools in Windows Server 2008 and Windows Vista.