AP (1 reputation point)
Attempting to delete expired certificate from DC > Certificates (Local Host) > Personal > Certificates
When it is deleted and the server is rebooted, the certificate comes back.
Checked any applied group policies, nothing is pushing out certificates.
Any thoughts?
1 answer
Limitless Technology (39,601 reputation points)
2022-01-12T20:05:50.713+00:00
Hello @AP
What I would try to do is to remove the expired CA certificate from Active Directory. Open pkiview.msc, right-click on the Enterprise PKI node and select Manage AD Containers. Switch to the "Certification Authorities" tab, remove the expired CA certs from there and leave the most recent CA cert.
Further Information:
How to decommission a Windows enterprise certification authority and remove all related objects
https://learn.microsoft.com/en-US/troubleshoot/windows-server/windows-security/decommission-enterprise-certification-authority-and-remove-objects
Uninstall a Certification Authority
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc771494(v=ws.11)?redirectedfrom=MSDN
Hope this helps with your query!
----------
--If the reply is helpful, please Upvote and Accept as answer--
AP (1 reputation point)
2022-01-13T17:27:19.423+00:00
So that worked to get rid of the cert from pkiview. However, it still remains in the certlm.msc. And still shows up on our scan.
I’ve attempted to manually delete it from certlm, as well as delete it with a PowerShell admin via thumbprint. I can get it to go away, but as soon as the server reboots it comes back.
Any thoughts?
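
A read-only check for the situation described in the answer and the follow-up, added here as an example and not code from the thread: it lists the expired certificates in the local computer's Personal store and reports whether each one is still published under the Public Key Services container in Active Directory, the container that Manage AD Containers in pkiview.msc edits. It assumes the ActiveDirectory (RSAT) module is installed and the account can read the Configuration partition; the function name `Get-ExpiredCertReport` is made up for this example.

```powershell
# Added example: read-only audit. It deletes nothing in AD or in the local stores.
# Assumption: the ActiveDirectory (RSAT) module is available on this server.
Import-Module ActiveDirectory

function Get-ExpiredCertReport {
    param([datetime]$AsOf = (Get-Date))

    $configNC = (Get-ADRootDSE).configurationNamingContext
    $pkiBase  = "CN=Public Key Services,CN=Services,$configNC"

    # Expired certificates in Certificates (Local Computer) > Personal
    $localExpired = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.NotAfter -lt $AsOf }

    # Every object under Public Key Services that carries cACertificate values
    # (Certification Authorities, AIA, NTAuthCertificates, Enrollment Services)
    $adObjects = Get-ADObject -SearchBase $pkiBase -LDAPFilter '(cACertificate=*)' `
        -Properties cACertificate
    $adCerts = foreach ($obj in $adObjects) {
        foreach ($raw in $obj.cACertificate) {
            # The unary comma keeps the byte[] as one constructor argument
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList (,[byte[]]$raw)
            [pscustomobject]@{
                Thumbprint = $cert.Thumbprint
                NotAfter   = $cert.NotAfter
                AdObject   = $obj.DistinguishedName
            }
        }
    }

    # One row per expired local certificate, with the AD objects that still hold it
    foreach ($c in $localExpired) {
        $hits = @($adCerts | Where-Object { $_.Thumbprint -eq $c.Thumbprint })
        [pscustomobject]@{
            Thumbprint    = $c.Thumbprint
            Subject       = $c.Subject
            NotAfter      = $c.NotAfter
            HasPrivateKey = $c.HasPrivateKey
            StillInAD     = $hits.Count -gt 0
            AdObjects     = ($hits.AdObject -join '; ')
        }
    }
}

Get-ExpiredCertReport | Format-List
```

Running it before and after a reboot shows whether a certificate that reappears in certlm.msc is still referenced by any AD object, including containers other than the Certification Authorities tab.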