Remove expired CA certificates

ad-certificate-services certificate-authority

My Win2012R2 Subordinate Enterprise CA certificate has expired. I already have a new one working. How can I remove the expired certificate? I see the expired certificate on the General tab of the MMC CA console of the Enterprise CA, but it does not have any remove option.

Do I have to revoke it on the offline CA Root so it disappears from the Enterprise CA?

This is a regular operation and I don't see any information on the net saying how the expired certificate is removed or revoked from the Enterprise CA.

Best Answer

No, you should not remove or revoke the expired CA certificate. It is used to sign CRLs for that CA certificate's key. This is important when there are signing certificates, which can be validated even after the entire chain has expired. This is why there is no button to remove the certificate.