This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 63%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
I would like to clean up the CA Database "Failed Request" and "Issued Certificates" The oldest entries for Failed Certificates are May 2018. So i'm tried to execute the certutil command deletrow certutil -deleterow May/30/2018 Request There are 24 Failed Certificates that should be removed from CA DB but after executing the command the CPU goes up caused by MS Certificate Service and Command Line doesn't give me any feedback. I seen that there is a workaround if you want to delete more than 200 certificates but in my case i just want to try to delete a hand full certificates. Have been waiting a couple of hours now but the command doesn't seem to end and i do not get an error message. I've tried this but seems to be the same
For example, if you want to delete all failed and pending requests submitted by January 22, 2001, the command is:> C:>Certutil -deleterow 1/22/2001 Request
The only problem with this approach is that certutil.exe will only delete about 2,000 - 3,000 records at a time before failing due to exhaustion of the version store. Luckily, we can wrap this command in a simple batch file that runs the command over and over until all the designated records have been removed.
@echo off:TopCertutil -deleterow 8/31/2010 RequestIf %ERRORLEVEL% EQU -939523027 goto Top
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello Derik,
Thank you for posting in Q&A forum.
Based on the description, if you delete one or few certificates via the certutil -deleterow command, does the command end successfully?
If you have any question or concern, please feel free to let us know.
Best Regards,
Daisy Zhou
i tried running
The command line did not respond, it was like running a powershell command and it runs forever. I was able to delete the expired certificates but not the failed request, so I deleted about 250,000 expired certificates and I was able to delete the failed request. Not sure why it didnt allow me to delete the failed request but probably has something to do with perfomance or the EDB.
