Do old certificates pose a security threat?

Tags:
Security certificate
Windows Server 2003
From our Windows Server 2003 Web server, we are using Windows certification services for issuing certificates for our clients. After issuing the certificate to the client, the certificates are stored in the server. Is there any way to delete the issued certificates from the server? Do they pose a security risk if they remain on the server undeleted?
ASKED: February 25, 2008  10:02 PM
UPDATED: February 28, 2008  1:16 AM

Answer Wiki


Some would say they do pose a risk; however, whether they pose a risk or not is really driven by whether the certificates are in use or not.

Yes you can delete the certificate, but that will invalidate the certificate, again assuming it is in use. You need to keep the issued certificates in the certificate store until the certificate expires or is no longer in use.

Remember, if you delete the certificate and you find it was actually needed, you would have to re-create (and issue) the certificate. If you're concerned about needing the certificate in the future, you could back the certificate up to a .pfx file, but when you do, be sure to back up the private and the public key so it can be restored in an operational state.

You would back up and delete the certificates with the Certificates snap-in in the MMC, and the type of certificate would determine whether it was in the “personal”, “Computer”, or “user” store.
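
The back-up-then-delete sequence from the answer above, as an added PowerShell example that is not part of the original answer. It assumes a newer Windows release with the PKI module (`Export-PfxCertificate` is not available on Windows Server 2003) and an exportable private key; the thumbprint and file path are placeholders.

```powershell
# Added example: back up a certificate with its private key, verify the backup,
# and only then delete the certificate from the store.
# Assumptions: PKI module present, key marked exportable, placeholders replaced.
$thumbprint = '<CERT-THUMBPRINT>'            # placeholder
$storePath  = 'Cert:\LocalMachine\My'        # "Personal" store of the computer account
$pfxPath    = 'C:\CertBackup\backup.pfx'     # placeholder; use access-controlled storage
$password   = Read-Host -AsSecureString -Prompt 'PFX password'

$cert = Get-Item -Path "$storePath\$thumbprint" -ErrorAction Stop

# Without the private key, the backup cannot be restored in an operational state.
if (-not $cert.HasPrivateKey) {
    throw "No private key in the store for $thumbprint; nothing useful to back up."
}

# Export certificate plus private key; this fails if the key is not exportable.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password -ErrorAction Stop |
    Out-Null

# Re-open the PFX and confirm it holds the same certificate and a private key.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $password)
try {
    if ($check.Thumbprint -ne $cert.Thumbprint -or -not $check.HasPrivateKey) {
        throw 'Backup verification failed; the certificate was left in the store.'
    }
}
finally {
    $check.Reset()   # release the temporary key material loaded for the check
}

# Backup verified: remove the certificate and its private key from the store.
Remove-Item -Path "$storePath\$thumbprint" -DeleteKey
```

The resulting .pfx holds the private key, so it needs the same protection as the server's certificate store.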

Discuss This Question: 1  Reply

  • Kevin Beaver
    You could revoke the certificates by loading up the Certification Authority MMC (under Start/Administrative Tools), click Issued Certificates, select the one you want to revoke and then, under the Action menu, select All Tasks, and select Revoke Certificate. I can’t think of any direct vulnerabilities associated with certificates stored on a server assuming that reasonable security controls (i.e. system hardening, current patches, and strong passphrases) are in place. If someone gains access to the server itself, the passwords can be cracked as well, so don’t overlook physical security either.