Expired logon certificates on smartcards not being deleted
- From: Egil <Egil@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 18 Aug 2009 02:34:01 -0700
I have a problem with expired logon certificates on smartcards not being
deleted. This leads to full smartcards.
In Windows Server 2008 PKI and Certificate Security by Brian Komar, p. 270,
it is stated that on a certificate template the "Delete revoked or expired
certificates" option is critical for conserving space on smartcards. However,
this option is not possible to enable when choosing purpose "Signature and
smart card logon" on the template. Is there another way of automatically
deleting expired certificates on smartcards (without using ILM! Our
organisation is way to small to utilise ILM)?
I have also tried using the "Signature" purpose (which enables the
delete-option), but without any further luck in automatically deletion of
expired certs. This purpose also places the cert inside the AT_SIGNATURE key
container of the smartcard, and this again leads to more trouble when joining
clients to domain because of the default setting of not accepting signature
keys for logon (strange default setting by the way).
Any enlightment on the subject is greatly appreciated!
- Prev by Date: Replace Root CA
- Next by Date: Re: not allowed to open file
- Previous by thread: Replace Root CA
- Next by thread: "Cannot open log for source." Application not having access rights