Delete a Certificate

Applies To: Windows Server 2008

Certificates can become obsolete for a number of reasons, such as when they are compromised, become corrupted, or are replaced by a new certificate. However, even when a certificate is deleted, the corresponding private key is not deleted.


Before deleting a certificate, be sure that you will not need it later for purposes such as reading old documents that were encrypted with the certificate's private key.

Users or local Administrators are the minimum group memberships required to complete this procedure. Review the details in "Additional considerations" in this topic.

To delete a certificate

  1. Open the Certificates snap-in for a user, computer, or service.

  2. Do one of the following:

    • If you are in Logical Certificate Stores view mode, in the console tree, click Certificates.

    • If you are in Certificate Purpose view mode, in the console tree, click Purpose.

  3. In the details pane, click the certificate you want to delete. (To select multiple certificates, hold down CTRL and click each certificate.)

  4. On the Action menu, click Delete.

  5. Click Yes if you are sure you want to permanently delete the certificate.

Additional considerations

  • User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.

  • To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC.

  • In some instances, there is not a Certificates folder in the console tree. In that case, navigate in the console tree until the certificate you want appears in the details pane, and then continue with the procedure.

  • You might want to back up the certificate by exporting it before you delete it. For the procedure to export a certificate, see Back Up Certificates.