Q. Is there an easy way to clean the database of a Windows Certification Authority (CA)? I'd like to remove expired certificate entries from the database.

Jan De Clercq

June 24, 2010

1 Min Read
ITPro Today logo in a gray background | ITPro Today

A. You can clean up certificate records manually using the certutil.exe command line utility that's bundled with the Windows OS. To do so, you must first log on with administrator privileges. Then open a command prompt, and use certutil with the -deleterow switch. You can use the certutil tool to delete both certificate entries and certificate request and CRL entries from the CA database. To get more information on the -deleterow certutil option, use the following at the command line:

Certutil –deleterow /?

 The Windows CA database is based on JET, the Microsoft database engine that's used in many other Microsoft products, including Access, SQL Server, and Exchange. This means you can also defragment the CA database using standard JET maintenance tools such as eseutil.exe.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like