Deleted Enterprise subroot CA certificate from personal store keeps on re-appearing on the list

BraveStoneWall 6 Reputation points
2021-03-07T13:14:00.703+00:00

We have some expiring Enterprise subordinate CA certs and I'm thinking of removing them. I have tried just removing the certs from the personal store of the computer account; however, whenever I restart the CA service on the Enterprise subordinate server, the certs that got deleted keep on re-appearing.

I have tried the option from pkiview.msc below, but the deleted certs still re-appear after a reboot or a restart of the CA service.

1) Start pkiview.msc

2) Right-click Enterprise PKI, and then click Manage AD Containers

3) Click the NTAuthCertificates tab

4) Select the expiring CA certificate and then delete it

And this option, but it just resulted in the CA service not starting and generating an error. I needed to import the backed-up reg key to resolve it.

Deleted the CA certificates from personal store.

Deleted the Thumbprints of the CA certificate from the registry HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CERTSVC\CONFIGURATION\CA NAME\CACertHash.

I'm also wondering if it is advisable to delete the expiring cert, as we have already renewed and generated a new cert. I think the expiring certs are somewhat saved in the CA DB (C:\Windows\System32\Certlog), which I don't like to mess around with if that is so... the expiring certs that I'm talking about went through a ROOT CA request+issuing process as they are part of our PKI infrastructure.

Thanks and hoping someone out there can help out :)
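A read-only way to see what is going on, added here as an example and not part of the question or of any Microsoft tooling: the CA service keeps its own list of CA certificate thumbprints in the CACertHash value under the registry key the question names, and that list is what it consults on start, which is why removing a cert from the Personal store alone does not stick. The script below lists every thumbprint in CACertHash, checks whether a matching certificate is present in the computer's Personal store, and reports its expiry. It deletes nothing. The CA name is a placeholder you must replace with your own; DBDirectory is read only to show where the CA database lives.

```powershell
# Added example, not from the question: audit which CA certificate hashes the
# CA service will load on start versus what is in the computer's Personal store.
# Read-only; nothing is modified or deleted.

# ASSUMPTION: placeholder CA name; use the subkey name under
# HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration on your CA.
$caName = 'YOUR-CA-NAME'
$caKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$caName"

$config = Get-ItemProperty -Path $caKey

# CACertHash is a REG_MULTI_SZ of SHA-1 thumbprints written as space-separated
# hex bytes; strip the spaces and upper-case so they compare against the store.
$registryHashes = @($config.CACertHash) |
    ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() }

# Certificates currently in the computer account's Personal store.
$storeCerts = Get-ChildItem -Path Cert:\LocalMachine\My

Write-Host "CA database directory: $($config.DBDirectory)"
Write-Host "CACertHash entries   : $($registryHashes.Count)"

foreach ($hash in $registryHashes) {
    $cert = $storeCerts | Where-Object { $_.Thumbprint -eq $hash }
    [pscustomobject]@{
        Thumbprint      = $hash
        InPersonalStore = [bool]$cert
        Subject         = if ($cert) { $cert.Subject }  else { '(not in Personal store)' }
        NotAfter        = if ($cert) { $cert.NotAfter } else { $null }
        Expired         = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
    }
}

# Certificates in the Personal store that the CA service does not list at all
# (ordinary machine certs will show up here; that is expected).
$storeCerts |
    Where-Object { $registryHashes -notcontains $_.Thumbprint } |
    Select-Object Subject, Thumbprint, NotAfter |
    Format-Table -AutoSize
```

Run it in an elevated PowerShell on the subordinate CA. An entry that shows InPersonalStore as False is one the service will complain about on start, which matches the error the question describes after deleting the cert while leaving its hash in CACertHash. Before removing an older CA certificate, keep in mind that the CA still needs its previous CA certificate to sign CRLs for the certificates it issued under that key, so the expired certificate is usually left in place until those issued certificates have themselves expired.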
