certutil -deleterow is not responding

Derik 0 Reputation points
2024-01-29T21:07:08.31+00:00

I would like to clean up the CA Database "Failed Request" and "Issued Certificates". The oldest entries for Failed Certificates are from May 2018, so I tried to execute the certutil -deleterow command:

    certutil -deleterow May/30/2018 Request

There are 24 Failed Certificates that should be removed from the CA DB, but after executing the command the CPU goes up, caused by MS Certificate Service, and the command line doesn't give me any feedback. I've seen that there is a workaround if you want to delete more than 200 certificates, but in my case I just want to try to delete a handful of certificates. I have been waiting a couple of hours now, but the command doesn't seem to end and I do not get an error message. I've tried this, but it seems to be the same:

For example, if you want to delete all failed and pending requests submitted by January 22, 2001, the command is:

    C:\>Certutil -deleterow 1/22/2001 Request

The only problem with this approach is that certutil.exe will only delete about 2,000 - 3,000 records at a time before failing due to exhaustion of the version store. Luckily, we can wrap this command in a simple batch file that runs the command over and over until all the designated records have been removed.

    @echo off
    :Top
    Certutil -deleterow 8/31/2010 Request
    If %ERRORLEVEL% EQU -939523027 goto Top

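The retry loop from the quoted batch file, as an added PowerShell example that is not part of the original post or of the quoted documentation. It goes beyond the batch file by moving the cutoff date forward one month at a time so each certutil call works on a smaller set of rows, capping retries, and stopping on any exit code other than the version-store one. The start and end dates, the one-month step, the retry cap and the M/d/yyyy date form (taken from the quoted command) are assumptions.

```powershell
# Added example, not from the thread. Dates, step size and retry cap are assumptions.
param(
    [datetime]$Start = '2018-06-01',   # first cutoff (assumed: just after the oldest rows)
    [datetime]$End   = '2019-01-01',   # final cutoff: rows dated by this day are removed
    [ValidateSet('Request', 'Cert')]
    [string]$Table   = 'Request',      # Request = failed/pending requests, Cert = expired/revoked
    [int]$MaxRetries = 50              # upper bound on retries per cutoff date
)

# Exit code the quoted batch file loops on (version store exhausted).
$VersionStoreExhausted = -939523027

$cutoff = $Start
while ($true) {
    if ($cutoff -gt $End) { $cutoff = $End }

    # Same date form as the quoted command (8/31/2010); assumes the CA's locale accepts it.
    $dateArg = $cutoff.ToString('M/d/yyyy', [cultureinfo]::InvariantCulture)

    $attempt = 0
    do {
        $attempt++
        & certutil.exe -deleterow $dateArg $Table | Out-Null
        $code = $LASTEXITCODE
        # Timestamped progress line, so a long-running call is visible rather than silent.
        Write-Host "$(Get-Date -Format s) cutoff=$dateArg table=$Table attempt=$attempt exit=$code"
    } while ($code -eq $VersionStoreExhausted -and $attempt -lt $MaxRetries)

    # Anything other than success at this point is unexpected: stop instead of looping.
    if ($code -ne 0) {
        Write-Error "certutil exited with $code at cutoff $dateArg; stopping."
        exit 1
    }

    if ($cutoff -eq $End) { break }
    $cutoff = $cutoff.AddMonths(1)
}
```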

1 answer

  1. Derik 0 Reputation points
    2024-01-31T16:05:49.7133333+00:00

    The command line did not respond; it was like running a PowerShell command that runs forever. I was able to delete the expired certificates but not the failed request, so I deleted about 250,000 expired certificates and I was able to delete the failed request. Not sure why it didn't allow me to delete the failed request, but it probably has something to do with performance or the EDB.

