Hello, I'm cleaning up very old Enterprise CA objects in AD as machines are still getting pushed old certs between 2005 and 2015 from the old decommissioned objects. One of the steps is to delete NtAuth certs by using this command:
certutil -viewdelstore "ldap:///CN=NtAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=com?cACertificate?base?objectclass=certificationAuthority"
I see this Certificate #0 as shown in the picture below in the list of certs (this is our active CA). It expired on 3/19/2020, so not too long ago. Is it also safe to delete this expired cert by using the certutil command up above?
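A read-only inventory of the NTAuth object, taken before running the delete command from the question, shows each stored certificate's thumbprint and validity dates and keeps a DER copy of every entry. This is an added example, not part of the original post; it assumes the placeholder forest DN `DC=domain,DC=com` from the question, a domain-joined machine with read access to the configuration partition, and a hypothetical backup folder under `%TEMP%`.

```powershell
# Added example: list and back up every certificate in NTAuthCertificates.
# Nothing here modifies the directory; it only reads the cACertificate attribute.

# Assumption: same placeholder DN as the certutil command in the question.
$ntAuthDn  = 'CN=NTAuthCertificates,CN=Public Key Services,CN=Services,CN=Configuration,DC=domain,DC=com'
# Hypothetical output folder for the DER backups.
$backupDir = Join-Path $env:TEMP 'NTAuth-backup'

$entry = [ADSI]"LDAP://$ntAuthDn"
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$now = Get-Date

$report = foreach ($raw in $entry.Properties['cACertificate']) {
    # Each attribute value is one DER-encoded certificate.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)

    # Keep a copy on disk so an entry can be re-published later
    # (certutil -dspublish -f <file> NTAuthCA) if it is removed by mistake.
    $file = Join-Path $backupDir ('{0}.cer' -f $cert.Thumbprint)
    [System.IO.File]::WriteAllBytes($file, $cert.RawData)

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        Expired    = $cert.NotAfter -lt $now
        Backup     = $file
    }
}

# Oldest expiry first, so decommissioned-CA entries sort to the top.
$report | Sort-Object NotAfter | Format-Table Subject, Thumbprint, NotAfter, Expired -AutoSize
```

The thumbprints in the output can be compared with the certificate the active CA is currently signing with, so the entry selected in `certutil -viewdelstore` is identified by thumbprint rather than by its position in the list.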