česky | cymraeg | deutsch | english | español | français | nederlands | português --- further step by step guides


Delete expired certificates (Step by step guide)

Here is a description in detail, how to delete expired certificates.

An important point to clarify in general is to see what to do with expired certificates.

If you commonly encrypts messages, it is important to not uninstall or delete them. In fact, the messages exchanged with older versions of certificates become illegible if the older certificates are no more available in the certificate store. If you remove them, older sent/received messages will be unreadable, because they are still encrypted and it is necessary to decrypt them for every next read; this is why the older certificates must be still saved and available in the certificate store.

You can revoke your certificate on the CAcert.org web page containing the list of your certificates. CAcert will add the revoked certificate into the Certificate Revocation List (CRL). Here is how looks the list page of client certificates, the page for server certificates is very similar.

Revoke the certificate at CAcert

If you really wish to completely your certificate with the corresponding private key, surely you know that you have it saved:

Thus, it's sufficient to remove the certificate in question from the appropriate store. For example, the Windows system certificate store is accessible by the Certificates module of the MMC administrative tool.

Delete a certificate in Windows

It is sufficient to delete, or possibly archive, the backup file.

Note that the Firefox browser and the Thunderbird email client have their own certificate store. So the certificates have to be deleted using the certificate manager of the given programs. Here the client certificates are concerned.

You can find the client certificates in the manager window on the "Your Certificates" tab. Select the certificate you wish to delete and then press the "Delete..." button.

DeleteCert-3.gif

Source: PC/15