This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 1%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Installed new Policy CA certificate but don't want to use it now - Can this be removed from CA as it not shows in Manage AD containers ..
How to remove this certificate from CA
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 96%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Hi,
Welcome to share your current situation if there are any updates.
Please feel free to let us know if you need further assistance.
Best Regards,
Thanks FAN and Crypto -- it worked after renewal of IssCA
After publishing to AD PKIVIEW is not reflecting crt, AIA and CDP
it won't until you renew your Issuing CA certificate which must be signed with new policy CA certificate.
Thanks Crypt32 .. it worked
Hi,
Not sure how your PKI environment is deployed. If possible, you can tell more information about the environment.
Based on my understanding, CA certificate can't be deleted if it was not expired.
Do you want to delete the policy CA certificate from the policy ca or the sub-issue CAs?
Best Regards,
Hi FanFan
The certificate was signed from Root and installed on PolicyCA --- After publishing to AD PKIVIEW is not reflecting crt, AIA and CDP-
can we delete the policy CA cert Or revoke this certificate -- and submit "Renew CA Certificate" on PolicyCA and sign new certificate will this resolve the issue --- ?
Hi,
1, Would you please tell how did you deploy the PKI tier?
First Tier: Root CA (offline or online?)
Second Tier: Policy CA (offline or online?)
Third Tier: Issue CA (online?) domain joined?
2, Do you mean you wanted to renew the PolicyCA certificate, but you select the wrong option "submit the new request"
When you open the Certificate Authority, please check the PolicyCA properties and check how many certificates dispalyed:
3, You open the PKIVIEW on the issue CA, right? Would you please share a screenshot here? (Please hide the private information)
Following steps performed for PolicyCA crt
Renewed CA cert with new key pair
Copied the following files to AD FS location (for CDP/AIA)
CertEnroll\IntCA(1).crt
CertEnroll\IntCA(1).crl
Published IntCA to AD FS
certutil -dspublish -f " - " SubCA
Hi,
As Cryptt32 said, it won't refresh until you renew your Issuing CA certificate which must be signed with new policy CA certificate.
Best Regards,