Remove expired Root CA certs - OK and how to clean up?

SenhorDolas 1,271 Reputation points
2022-03-09T16:48:32.817+00:00

Hello!

I have a few expired root CA certs in my internal CA which are still being issued to new machines.

Is it OK to remove these certs from the tabs in ***Enterprise PKI > Manage AD Containers***?


Also just to test an app that is failing to read the current Root CA, can I remove the expired certs from the server directly?
I understand that the PKI will resend them but I just need a quick test on this.


Accepted answer
  1. Vadims Podāns 9,116 Reputation points MVP
    2022-03-09T17:15:18.987+00:00

    Those which are flagged as "Not time valid" are safe to be removed from "Manage AD Container" dialogs. Then they will be gone from Certificates MMC snap-in.

    1 person found this answer helpful.
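An added example, not part of the original thread and not the answerer's code: a read-only PowerShell inventory of the CA certificates published under the AD Public Key Services container, marking which ones have expired, so the list can be reviewed before anything is removed in the dialog. It assumes a domain-joined machine and an account that can read the Configuration partition; the choice of the three objects queried is also an assumption.

```powershell
# Added example: read-only inventory, nothing is deleted or modified.
# Assumption: run on a domain-joined machine by an account that can read the
# Configuration partition.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$pksDN    = "CN=Public Key Services,CN=Services,$configNC"

# Assumption: these three objects are the ones of interest; adjust as needed.
$targets = @(
    "CN=Certification Authorities,$pksDN",
    "CN=AIA,$pksDN",
    "CN=NTAuthCertificates,$pksDN"
)

$now = Get-Date
$report = foreach ($dn in $targets) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$dn")
    $searcher.Filter      = '(cACertificate=*)'
    $searcher.SearchScope = 'Subtree'
    [void]$searcher.PropertiesToLoad.Add('cacertificate')

    foreach ($entry in $searcher.FindAll()) {
        foreach ($raw in $entry.Properties['cacertificate']) {
            try {
                $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
            } catch {
                continue   # skip empty placeholder values that are not certificates
            }
            [pscustomobject]@{
                Entry      = $entry.Path
                Subject    = $cert.Subject
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                Expired    = $cert.NotAfter -lt $now
            }
        }
    }
}

# Expired certificates sort to the bottom; oldest expiry first within each group.
$report | Sort-Object Expired, NotAfter | Format-Table -AutoSize -Wrap
```

Rows with Expired set to True are the ones to compare, by thumbprint, against the entries the dialog flags as "Not time valid".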
