Delete old certificate on successful renewal


#1

Hi,

I was wondering if there was a way that when a certificate is renewed there could be an option to remove the obsolete certificate from the store. I recently had 2 certificates for a site in the certificate store which prompted a warning in event viewer that a certificate was close to expiring. Since the cert would no longer be in use is there a way to automate its removal?

Thanks!


#2

Hi, the app will automatically cleanup any certificates with [Certify] in the friendly name a month after they have expired. The reason we don’t delete this immediately is there is not way for us to know (currently) if a user has used the certificate in other ways outside of IIS bindings (such as a mail server or remote desktop services etc).

We’ve looked into options to better detect certificate usage but they are not currently proving reliable enough to delete certificates.

You can optionally use the Post Request scripting option (Advanced) to do your own certificate cleanup but I don’t have an example script.


#3

Ahh makes sense, thank you!