If you’ve ever worked with secure websites, the ones whose addresses begin with https://, you know how tricky they can get. You can easily end up with certificates from lots of different experiments in your IIS binding drop-down boxes. It becomes a nightmare to figure out which are good and which are old.
DO NOT REVOKE THE CERTIFICATES!
Yes, I learned the hard way. Revoking certificates is very, very bad. You just want to delete the certificate. But Windows definitely doesn’t make that easy.
Here is how you delete a certificate on your Windows Server machine.
Note I’m running on Windows Server 2016 so your exact windows might vary slightly.
First, go to a command prompt or run prompt. Type in:
CERTMGR
This brings up the Certificate Manager for your computer.
In this window, expand the “web hosting” folder.
Now RIGHT click on the particular certificate you want to delete. You’ll get a list of options. One of the options is to delete that certificate.
Click the delete button and that certificate will go away.
Note that I am using WinACME as a front end to the LetsEncrypt system to create my secure websites for my Windows Server IIS webserver. So every time I renew or test a certificate with this software, another certificate is added to this listing. I definitely need to then delete those certificates in order to keep the list manageable.
I’ll also note that LetsEncrypt has a weekly limit of 50 entries, so when you’re testing, test judiciously. Take it slow so you don’t hit that 50 entry cap.
The key reason I had to race to delete certificates is that somehow I mistakenly revoked a certificate via WinACME. My website then refused to let anyone visit it, claiming I might have been hacked in big letters on it. I struggled to figure out how to “fix” the revocation. It turns out what I had to do was delete, from my server’s hard drive, that revoked certificate itself. Somehow nobody on the web had that information available!
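To tell which certificates are still in use before deleting anything, the listing can be compared against the IIS https bindings. The script below is an added example, not part of the original post or of WinACME; it assumes the certificates are in the local machine Web Hosting store (Cert:\LocalMachine\WebHosting) and that the WebAdministration module that ships with IIS is available.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt on the IIS server.
# Assumption: certificates live in the local machine "Web Hosting" store.
Import-Module WebAdministration

# Thumbprints that an IIS https binding currently points at.
$inUse = @(
    Get-WebBinding -Protocol https |
        Where-Object { $_.certificateHash } |
        ForEach-Object { $_.certificateHash.ToUpperInvariant() } |
        Sort-Object -Unique
)

$certs = @(Get-ChildItem -Path Cert:\LocalMachine\WebHosting)

# Report every certificate with its binding status so old ones stand out.
$report = foreach ($cert in $certs) {
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Expired    = $cert.NotAfter -lt (Get-Date)
        BoundInIIS = $inUse -contains $cert.Thumbprint
    }
}
$report | Sort-Object Subject, NotAfter | Format-Table -AutoSize

# Candidates for deletion: not referenced by any IIS https binding.
# Other software on the server may still use a certificate that IIS does not,
# so review this list before acting on it.
$stale = $certs | Where-Object { $inUse -notcontains $_.Thumbprint }

# -WhatIf only prints what would be deleted. This removes the certificate from
# the local store, which is the delete action described above, not a revocation.
# Remove -WhatIf once the list looks right.
$stale | Remove-Item -WhatIf
```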
Ask with any questions!