Rifka Khairani 40 Reputation points
Hi, I have three expired certificates installed in the Trusted Root Certificate Authorities/Certificates:
- utn-userfirst-object
- addtrust external ca root
- quovadis root certification authority
but those three certificates are part of the Microsoft Trusted Root Program with NotBefore status (certificate status: https://ccadb-public.secure.force.com/microsoft/IncludedCACertificateReportForMSFT). There are no applications that use those certificates.
My question: Are those certificates safe to be deleted?
Thank you
Accepted answer
Thameur-BOURBITA 32,831 Reputation points
2023-01-24T07:56:29.5233333+00:00
Hi @Rifka Khairani
If those expired certificates aren't revoked, they can still be used to validate anything signed before their expiration. If not, you can delete them.
Please don't forget to mark helpful answer as accepted
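A way to check the question's premise that nothing still depends on the expired roots, as an added example that is not part of the thread and not a Microsoft script: it inventories expired certificates in the machine Trusted Root store, backs each one up, and reports signed files whose signer or timestamp chain still ends at one of them. `$BackupDir` and `$ScanPath` are placeholder paths chosen for illustration.

```powershell
# Added example, not from the thread. It deletes nothing; it only writes backup .cer files.
$BackupDir = 'C:\CertBackup'        # assumed placeholder: where backups are written
$ScanPath  = 'C:\Program Files'     # assumed placeholder: folder of signed binaries to check

$now = Get-Date
$expiredRoots = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.NotAfter -lt $now })

# 1. Inventory: subject, thumbprint, expiry and the purposes (EKUs) each root is trusted for.
$expiredRoots | Select-Object Subject, Thumbprint, NotAfter,
    @{ n = 'EKU'; e = { ($_.EnhancedKeyUsageList | ForEach-Object FriendlyName) -join ', ' } } |
    Format-List | Out-Host

# 2. Backup: export every expired root so it can be re-imported if something breaks later.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($root in $expiredRoots) {
    Export-Certificate -Cert $root -FilePath (Join-Path $BackupDir "$($root.Thumbprint).cer") | Out-Null
}

# 3. Dependency check: build the chain for a certificate and return the thumbprint of its root.
function Get-ChainRootThumbprint {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'             # offline; revocation is not the question here
    $chain.ChainPolicy.VerificationFlags = 'IgnoreNotTimeValid'  # expired certs must still chain
    [void]$chain.Build($Certificate)
    if ($chain.ChainElements.Count -eq 0) { return $null }
    $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Thumbprint
}

$expiredThumbprints = @($expiredRoots | ForEach-Object Thumbprint)
Get-ChildItem -Path $ScanPath -Recurse -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        # Check both the code-signing chain and the timestamping chain.
        foreach ($cert in @($sig.SignerCertificate, $sig.TimeStamperCertificate)) {
            if (-not $cert) { continue }
            $rootTp = Get-ChainRootThumbprint $cert
            if ($rootTp -and ($expiredThumbprints -contains $rootTp)) {
                [pscustomobject]@{ File = $_.FullName; ChainsVia = $cert.Subject; Status = $sig.Status }
            }
        }
    }
```

Any file listed by step 3 has a signature that validates through one of the expired roots, so removing that root can change how the signature verifies.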
Jermain Dettons 10 Reputation points
2023-08-09T10:48:37.89+00:00
Elaborating the original question
- WHAT IS THIS CERTIFICATE?
- IF IT'S REVOKED THEN WHY IS IT IN THE TRUSTED ROOT CERTIFICATION AUTHORITIES?
- MINE SHOWS THAT IT STILL HAS: TIME STAMPING, CODE SIGNING & SYSTEM FILE ENCRYPTION - PURPOSES
So yeah, it sounds like this certificate is still active, SO AGAIN WHAT THE HELL IS IT?
I think we get that expired certificates are for backwards compatibility, and while everyone seems to say "it can only affect anything before expiration date." Do we know this to be absolutely true?
This Microsoft forum NEEDS to do a better job of informing the user instead of saying, uhhhh yeah, don't delete that or follow this link for information. THE URL SAYS "LEARN.MICROSOFT.COM", so teach, by informing........
- Who it is
- what it is
- What it does
- Where it came from
- Whether it's malicious or not
- How to verify it is in fact safe and needed
THANK YOU!
Tomek Grabowski 31 Reputation points
2023-11-14T15:03:41.3766667+00:00
Only sensible reply here. Shame nobody from MS cared to answer.
Limitless Technology 44,221 Reputation points
2023-01-25T10:03:46.8566667+00:00
Hello there,
Once the certificate expires it is no longer valid. Therefore, once a certificate expires you can safely remove it from the CA database. The one exception to this is if you have Key Archival configured on the CA. If you are archiving private keys, you may not want to remove expired CA certificates from the CA database.
Note: Back up the CA, including the database and log files, prior to deleting any certificates from the database.
For more information, you can refer to the following link:
https://learn.microsoft.com/en-us/archive/blogs/xdot509/operating-a-windows-pki-removing-expired-certificates-from-the-ca-database
Following script for your reference: https://gallery.technet.microsoft.com/scriptcenter/Script-to-delete-expired-8fcfcf48
Hope this resolves your query!!
--If the reply is helpful, please Upvote and Accept it as an answer--