Certificates can become obsolete for a number of reasons, such as when they are compromised, become corrupted, or are replaced by a new certificate. However, even when a certificate is deleted, the corresponding private key is not deleted.


Before deleting a certificate, be sure that you will not need it later for purposes such as reading old documents that were encrypted with the certificate's private key.

Users or local Administrators is the minimum group membership required to complete this procedure. Review the details in "Additional considerations" in this topic.

To delete a certificate
  1. Open the Certificates snap-in for a user, computer, or service.

  2. In the console tree under the logical store that contains the certificate to delete, click Certificates.

  3. In the details pane, click the certificate that you want to delete. (To select multiple certificates, hold down CTRL and click each certificate.)

  4. On the Action menu, click Delete.

  5. Click Yes if you are sure that you want to permanently delete the certificate.

Additional considerations