If you’ve ever worked with secure websites, the ones whose addresses begin with https://, you know how tricky they can get. You can easily end up with lots of experimental certificates in your IIS binding drop-down boxes. It becomes a nightmare to figure out which are good and which are old.
DO NOT REVOKE THE CERTIFICATES!
Yes, I learned the hard way. Revoking certificates is very, very bad. You just want to delete the certificate. But Windows definitely doesn’t make that easy.
Here is how you delete a certificate on your Windows Server machine.
Note I’m running on Windows Server 2016 so your exact windows might vary slightly.
First, go to a command prompt or run prompt. Type in:
This brings up the Certificate Manager for your computer.
In this window, expand the “Web Hosting” folder.
Now RIGHT click on the particular certificate you want to delete. You’ll get a list of options. One of the options is to delete that certificate.
Click the delete button and that certificate will go away.
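To sort the good certificates from the old ones before deleting anything, the same cleanup can be scripted. This is an added example, not part of the original post: it assumes an elevated PowerShell session on the IIS server with the WebAdministration module installed, lists every certificate in the Web Hosting store, marks the ones an IIS HTTPS binding still uses, and previews deletion of the rest.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the IIS server. Assumes the WebAdministration module is present.
Import-Module WebAdministration

# The "Web Hosting" folder shown in Certificate Manager
$store = 'Cert:\LocalMachine\WebHosting'

# Thumbprints that IIS HTTPS bindings currently point at
$inUse = @(Get-ChildItem IIS:\SslBindings |
    Where-Object { $_.Thumbprint } |
    ForEach-Object { $_.Thumbprint.ToUpperInvariant() })

# Inventory of the store: which certificates are bound, which are expired
$report = Get-ChildItem $store | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Subject
        NotBefore  = $_.NotBefore
        NotAfter   = $_.NotAfter
        Thumbprint = $_.Thumbprint
        BoundInIIS = $inUse -contains $_.Thumbprint.ToUpperInvariant()
        Expired    = $_.NotAfter -lt (Get-Date)
    }
}
$report | Sort-Object Subject, NotAfter | Format-Table -AutoSize

# Preview removal of every certificate that no IIS binding references.
# -WhatIf only prints what would be deleted; nothing is removed yet.
# -DeleteKey also removes the private key stored with the certificate.
$report | Where-Object { -not $_.BoundInIIS } | ForEach-Object {
    Remove-Item -Path "$store\$($_.Thumbprint)" -DeleteKey -WhatIf
}
```

Review the table first, then drop `-WhatIf` once the preview lists only certificates you really want gone. This deletes the local copies only; it does not revoke anything.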
Note that I am using WinACME as a front end to the LetsEncrypt system to create my secure websites for my Windows Server IIS webserver. So every time I renew or test a certificate with this software, another certificate is added to this listing. I definitely need to then delete those certificates in order to keep the list manageable.
I’ll also note that LetsEncrypt has a weekly limit of 50 entries, so when you’re testing, test judiciously. Take it slow so you don’t hit that 50-entry cap.
The key reason I had to race to delete certificates is that somehow I mistakenly revoked a certificate via WinACME. My website then refused to let anyone visit it, claiming I might have been hacked in big letters on it. I struggled to figure out how to “fix” the revocation. It turns out what I had to do was delete, from my server’s hard drive, that revoked certificate itself. Somehow nobody on the web had that information available!
Ask with any questions!