Re: Ho to remove keys from the Windows 2003 CA archive

From: lelteto (lelteto_at_discussions.microsoft.com)
Date: 03/01/05

Next message: lelteto: "RE: Modify public key only in the key container"
Previous message: Noolyg: "Re: Storing certificate on a hardware token (SC)"
In reply to: David Cross [MS]: "Re: Ho to remove keys from the Windows 2003 CA archive"
Next in thread: selkin: "Re: Ho to remove keys from the Windows 2003 CA archive"
Reply: selkin: "Re: Ho to remove keys from the Windows 2003 CA archive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 1 Mar 2005 08:15:04 -0800

There are two ways to 'remove' keys:
1. delete the container (assuming it has one key or you intend to remove
both keys).
2. overwrite the key (generate a new key or import one)
Note that in both cases if you keep the certificate around you may run into
trouble (in the first case it will not find the referred container; in the
second case it may be even more problematic as now the cert and key pair
would not match).
Also, in case of encryption keys you may want to 'keep them around' (ie.
archive) anyway - although you definitely can (actually, should) delete
signing private keys when they are not needed any more.

Laszlo Elteto
SafeNet, Inc.

"David Cross [MS]" wrote:

> How do you determine something should be purged is not a simple challenge
> and therefore why we don't expose a simple mechanism or auto-purge
> mechanism.
>
> --
> David B. Cross [MS]
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> Top Whitepapers:
>
> Auto-enrollment whitepaper:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/autoenro.mspx
>
> Best Practices for implementing Windows Server 2003 PKI:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/ws3pkibp.mspx
>
> Troubleshooting Certificate Status and Revocation whitepaper:
> http://www.microsoft.com/technet/security/topics/crypto/tshtcrl.mspx
>
> Windows Server 2003 web enrollment and troubleshooting guide:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/webenroll.mspx
> "selkin" <stewart_elkin@hotmail.com> wrote in message
> news:1109670677.300814.143190@l41g2000cwc.googlegroups.com...
> > What is the mechanism for removing or purging items from the key
> > archive, e.g. when they are beyond thier useful life?
> >
> > Is there any MS documentation that describes how to do this? Thanks.
> >
>
>
>

Next message: lelteto: "RE: Modify public key only in the key container"
Previous message: Noolyg: "Re: Storing certificate on a hardware token (SC)"
In reply to: David Cross [MS]: "Re: Ho to remove keys from the Windows 2003 CA archive"
Next in thread: selkin: "Re: Ho to remove keys from the Windows 2003 CA archive"
Reply: selkin: "Re: Ho to remove keys from the Windows 2003 CA archive"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Indexing attributes for containerized searches
... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ... excessive time performing a search against the AD. ... "The search routines provided in the LDAP API and with Microsoft ADSI permits searching a container rather than the entire directory. ...
(microsoft.public.windows.server.active_directory)
Re: GPO Security Filtering not working.....
... relation to that container? ... Also, remember that computer settings only apply to computers, and user ... Microsoft MVP - Windows Server - Directory Services ...
(microsoft.public.windows.server.active_directory)