• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 122
  • Last Modified:

Windows 2008 R2 Key Recovery Remove Revoked Certificates

On the WIndows 2008 R2 CA when I go to add a Key Recovery agent certificate for a user, I see a list of old or revoked certificates. How can I remove this from the list of only valid certificates are listed?
0
compdigit44
Asked:
compdigit44
  • 2
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
Personally I would not be deleting revoked certs but you can however do this using CERTUTIL -deleterow command. For the full list of commands for Certutil see the below link.

https://technet.microsoft.com/en-ca/library/cc732443.aspx#BKMK_deleterow

You may also want to look at the CA Maintenance link below which provide other types of maintenance you can perform on your CA.

Will.
0
 
compdigit44Author Commented:
Thanks for the link... Is there a script that could run on my CA and email out a report of all certs issued from a specific template name / type and when they will expire? or possible have certs from a specific template email a department before they expire???
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Personally, I would be doing this command manually to ensure that you do not delete the wrong values or revoke in correct certs. From my understanding i have not used a script in the past to complete this task.

Will.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now