Microsoft KB Archive/262095

= How to List and Remove Existing Windows 2000 Certificate Server Key Pairs Generated with Microsoft Base Cryptographic Provider 1.0 =

Article ID: 262095

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q262095



SUMMARY
This article describes how to list and remove existing Windows 2000 Certificate Server key pairs.



MORE INFORMATION
You can remove existing Windows 2000 Certificate Server public and private key pairs by using the Certutil.exe utility. To do so, first list the currently installed keys by typing the following line at a command prompt:

certutil -key

The container names of key pairs for any previously installed Certification Authorities are listed under the &quot;Microsoft Base Cryptographic Provider v1.0&quot; section. The container name should be the same as the name originally given to the Certification Authority. After you have identified the name of the container, you can delete it by using the following command:

certutil -delkey

The Certutil.exe utility is available only on a Windows 2000-based server that has Certificate Services installed. Before you remove a key pair, you must be sure that the key is not needed by any other programs.

You can also use the Certutil.exe utility to backup and restore keys and certificates. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

185195 How to Use Key and Certificate Backup/Restore Utility

Additional query words: certserv

Keywords: kbcertservices kbhowto KB262095

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.