How to delete CA cert which is expired or not in use

TedBot 41 Reputation points

Installed new Policy CA certificate but don't want to use it now - Can this be removed from CA as it not shows in Manage AD containers ..

How to remove this certificate from CA

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,300 questions
{count} votes

Accepted answer
  1. Vadims Podāns 8,081 Reputation points Microsoft MVP

    After publishing to AD PKIVIEW is not reflecting crt, AIA and CDP

    it won't until you renew your Issuing CA certificate which must be signed with new policy CA certificate.

4 additional answers

Sort by: Most helpful
  1. Fan Fan 15,061 Reputation points


    Not sure how your PKI environment is deployed. If possible, you can tell more information about the environment.
    Based on my understanding, CA certificate can't be deleted if it was not expired.
    Do you want to delete the policy CA certificate from the policy ca or the sub-issue CAs?

    Best Regards,

    No comments

  2. TedBot 41 Reputation points

    Hi FanFan

    The certificate was signed from Root and installed on PolicyCA --- After publishing to AD PKIVIEW is not reflecting crt, AIA and CDP-
    can we delete the policy CA cert Or revoke this certificate -- and submit "Renew CA Certificate" on PolicyCA and sign new certificate will this resolve the issue --- ?

  3. TedBot 41 Reputation points

    Following steps performed for PolicyCA crt

    Renewed CA cert with new key pair
    Copied the following files to AD FS location (for CDP/AIA)


    Published IntCA to AD FS

    certutil -dspublish -f " - " SubCA

    No comments

  4. TedBot 41 Reputation points