How to List and Remove Existing Windows 2000 Certificate Server Key Pairs Generated with Microsoft Base Cryptographic Provider 1.0 (262095)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q262095

SUMMARY

This article describes how to list and remove existing Windows 2000 Certificate Server key pairs.

MORE INFORMATION

You can remove existing Windows 2000 Certificate Server public and private key pairs by using the Certutil.exe utility. To do so, first list the currently installed keys by typing the following line at a command prompt:

certutil -key

The container names of key pairs for any previously installed Certification Authorities are listed under the "Microsoft Base Cryptographic Provider v1.0" section. The container name should be the same as the name originally given to the Certification Authority. After you have identified the name of the container, you can delete it by using the following command:

certutil -delkey CA_name

The Certutil.exe utility is available only on a Windows 2000-based server that has Certificate Services installed. Before you remove a key pair, you must be sure that the key is not needed by any other programs.

You can also use the Certutil.exe utility to backup and restore keys and certificates. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

185195 How to Use Key and Certificate Backup/Restore Utility

Modification Type:MinorLast Reviewed:10/13/2004
Keywords:kbCertServices kbhowto w2000certsrv KB262095
©2004 Microsoft Corporation. All rights reserved.