Deleting a Certificate and Keys using Certutil

To delete a credential (certificate and keys) stored on the PIVKey, use a utility such as vSEC_CMS or Certutil, the certificate utility included with Microsoft Windows. The PIVKey minidriver must be installed to load or delete certificates from the PIVKey (without the PIVKey minidriver, the PIVKey will be read-only).

Deleting a certificate with certutil requires running certutil with administrator rights (from an elevated command prompt) and requires the exact container name of the credential to delete. To find the container name, open an elevated command prompt and run certutil with the following options:

certutil -scinfo

or

certutil -key -csp "Microsoft Base Smart Card Crypto Provider"

Make sure to identify the correct container name. 
Note: the name of the container may contain the certificate template name. 

[Image: delpic1.png]

To delete the container and its associated certificate, run:

certutil -delkey -csp "Microsoft Base Smart Card Crypto Provider" [container-name in quotes]

[Image: delpic2.png]

In this example, the container that is deleted is the default PIVKey Credential for a PIVKey C910 card.
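
Because -delkey is destructive and needs the exact container name, the two steps above can be wrapped in a guard that refuses to delete a name it cannot find in the listing. This is an added example, not part of the original article or the PIVKey tooling; the function name Remove-SmartCardContainer is hypothetical, and it assumes certutil -key prints each container name on its own line.

```powershell
function Remove-SmartCardContainer {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$ContainerName,
        [string]$Csp = 'Microsoft Base Smart Card Crypto Provider'
    )

    # certutil -delkey needs administrator rights; stop early if not elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # List the containers on the card (same command as in the article).
    $listing = & certutil.exe -key -csp $Csp
    if ($LASTEXITCODE -ne 0) { throw "certutil -key failed with exit code $LASTEXITCODE." }

    # Assumption: each container name appears alone on a line of the listing.
    # Require a case-sensitive, whole-line match so a typo or a partial name
    # never reaches -delkey.
    $found = @($listing | ForEach-Object { $_.Trim() } | Where-Object { $_ -ceq $ContainerName })
    if ($found.Count -eq 0) {
        throw "No container named '$ContainerName' was listed for provider '$Csp'."
    }

    # ConfirmImpact = High makes PowerShell prompt before the deletion runs.
    if ($PSCmdlet.ShouldProcess($ContainerName, 'Delete key container and its certificate')) {
        & certutil.exe -delkey -csp $Csp $ContainerName
        if ($LASTEXITCODE -ne 0) { throw "certutil -delkey failed with exit code $LASTEXITCODE." }

        # List again to confirm the container is really gone.
        $after = @(& certutil.exe -key -csp $Csp | ForEach-Object { $_.Trim() })
        if ($after -ccontains $ContainerName) {
            throw "Container '$ContainerName' is still present after -delkey."
        }
        Write-Output "Deleted container '$ContainerName'."
    }
}
```

Call it as Remove-SmartCardContainer -ContainerName "name copied from the listing"; adding -WhatIf shows what would be deleted without touching the card.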
