Certificates can become obsolete for a number of reasons, such as when they are compromised, become corrupted, or are replaced by a new certificate. However, even when a certificate is deleted, the corresponding private key is not deleted.
Important | |
Before deleting a certificate, be sure that you will not need it later for purposes such as reading old documents that were encrypted with the certificate's private key. |
Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.
To delete a certificate |
Open the Certificates snap-in for a user, computer, or service.
In the console tree under the logical store that contains the certificate to delete, click Certificates.
In the details pane, click the certificate that you want to delete. (To select multiple certificates, hold down CTRL and click each certificate.)
On the Action menu, click Delete.
Click Yes if you are sure that you want to permanently delete the certificate.
Additional considerations
-
User certificates can be managed by the user or by an administrator. Certificates issued to a computer or service can only be managed by an administrator or user who has been given the appropriate permissions.
-
To open the Certificates snap-in, see Add the Certificates Snap-in to an MMC.
-
You might want to back up the certificate by exporting it before you delete it. For the procedure to export a certificate, see Export a Certificate.