česky | cymraeg | deutsch | english | español | français | nederlands | português --- further step by step guides
Delete expired certificates (Step by step guide)
Here is a description in detail, how to delete expired certificates.
An important point to clarify in general is to see what to do with expired certificates.
If you commonly encrypts messages, it is important to not uninstall or delete them. In fact, the messages exchanged with older versions of certificates become illegible if the older certificates are no more available in the certificate store. If you remove them, older sent/received messages will be unreadable, because they are still encrypted and it is necessary to decrypt them for every next read; this is why the older certificates must be still saved and available in the certificate store.
You can revoke your certificate on the CAcert.org web page containing the list of your certificates. CAcert will add the revoked certificate into the Certificate Revocation List (CRL). Here is how looks the list page of client certificates, the page for server certificates is very similar.
If you really wish to completely your certificate with the corresponding private key, surely you know that you have it saved:
- in any computer, or multiple computers (client certificate),
- in your email or web server (server certificate),
- and, possibly, in a backup file.
Thus, it's sufficient to remove the certificate in question from the appropriate store. For example, the Windows system certificate store is accessible by the Certificates module of the MMC administrative tool.
- You can find client certificates in Windows under "Certificates - Current User - Personal - Certificates.
- You can find server certificates for Windows servers under "Certificates (Local Computer) - Personal - Certificates. However, you can manage them, including remove, using administrative tools (managers) of a web server (IIS) or an email server (Exchange).
It is sufficient to delete, or possibly archive, the backup file.
Note that the Firefox browser and the Thunderbird email client have their own certificate store. So the certificates have to be deleted using the certificate manager of the given programs. Here the client certificates are concerned.
- Firefox 44.0a2: Menu (upper right icon) - Options - Advanced - Certificates - button "View Certificates"
- Thunderbird 38.7.2: Menu Tools - Options - Advanced - Certificates - button "View Certificates"
You can find the client certificates in the manager window on the "Your Certificates" tab. Select the certificate you wish to delete and then press the "Delete..." button.
Source: PC/15