ADCA Windows 2012 R2 and removing old certificates
Posted on 2016-10-20
We have a large internal PKI environment with an offline root and 2 sub CAs which service our 10K users and 15K devices. I use the certutil command every two weeks to remove failed requests, revoked certs, etc., but what really needs to be done is to clear the DB of all the expired certs. I am nervous about using the certutil command to do this since I do not want to remove a "valid non-expired certificate".