Delete a certificate windows xp

Ask a question. Quick access. Search related threads. Remove From My Forums. Answered by:. Archived Forums.

Windows 7 Security. Sign in to vote. Thanks, Chris Z. Wednesday, July 17, PM. Regards, Lutz. Marked as answer by tracycai Thursday, August 1, AM.

Tuesday, July 23, PM. Hi Chris, I used this script to cleanup all the certs generated from Fiddler. Close Regards, Lutz. Hi Lutz, Thanks for the quick response. If necessary, certificates are regenerated from the user's Smart Card.

Thursday, July 18, PM. Saturday, July 20, AM. Hi Lutz, Thanks for the confirmation on that. But, I will keep this for reference.

Monday, July 22, PM. Just to let you know I am running this on Windows 7 workstations. Thanks, Lutz. This prevents a Windows XP SP2 user from declaring a Microsoft-trusted certification authority as untrusted unless the user turns off the Windows component that controls this feature.

Note: Windows Vista works quite differently than Windows XP SP2 in this regard, and has significant but different problems with Microsoft-trusted root certificates: the user cannot mark them as untrusted. The differences between the two versions of Windows are covered in the last section.

This identification is done with a public key infrastructure PKI. For the PKI to work, relying parties in this case, users who use the web or email need to inherently trust one or more CAs to provide identification services. Windows XP SP2 comes with approximately root certificates from approximately reputation providers, banks, governments, and so on. There are many reasons why a user or organization might want to stop trusting a built-in root certificate for authentication, even if the CA is trusted by Microsoft.

The most obvious reason is if the certification authority CA "goes rogue", meaning that it starts purposely or inadvertently issuing untrustworthy certificates; for example, the owner of the private key might sell it to a criminal organization who could profit from setting up SSL-based web sites that fool users into revealing private information. Other reasons include:.

If a user running Windows XP SP2 in its default configuration removes a root certificate that is one that Microsoft trusts, Windows will re-install that root certificate and again start to trust certifcates that come from that root without alerting the user. This re-installation and renewed trust happens as soon as the user visits a SSL-based web site using Internet Explorer or any other web browser that uses the Cryptographic Application Programming Interface CAPI built-in to Windows; it will also happen when the user receives secure email using Outlook, Microsoft Mail, or another mail program that uses CAPI, as long as that mail is signed by a certificate that is based on that root certificate.

In essence, this means that the user cannot remove trust of a root certificate unless that user also takes another step described below that prevents Windows from taking this action. Further, it also means that a user can be fooled into thinking that they have removed trust in that root certificate when in fact they haven't.

Note that the problems described in this document pertain to users whose software uses CAPI. For example, at the time of this writing, the Mozilla family of software the Firefox browser and Thunderbird mail client do not use CAPI, and therefore do not trigger the hidden reinstallation described here. Details required :. Cancel Submit. Wungraileng Vashi. Hi, Thank you for posting your query in Microsoft Community.

If you would let us know the conflicts that you are referring to, we will be glad to assist you. To view the certificates in Internet Explorer, follow the steps below: 1. Type inetcpl. Click on " content " tab and click " certificates ". All the available certificates will be listed there.

Locate the particular certificate that you are looking for and remove it. You can also try the steps below to view the certificates: 1.