We've rolled out the Cert Authority role in our domain but don't have it in production yet. We issued some certificates then decided to customize our template. We followed the recommendation and copied the original template and set the original as Superseded. Then more than one cert would show up for staff - the original and the new ones - when you try to find an AD User ( for a certificate in file properties -> Advanced -> Details -> Add -> Find User.) You click to find a user and that person shows up with more than one cert.
We don't have this in production yet and have only encrypted a few test txt files and have tested from only two computers with two test accounts. In an attempt to reduce the number of certificates we simply revoked the older, superseded one. That didn't help. We eventually used certutil -deleterow [cert#] to remove the Superseded cert. That doesn't seem to have helped either. Even the deleted certificate shows up in the list and we can add that.
How do we reduce the number of certificates that staff can choose from when adding additional user certs to an encrypted file? We don't want them to see the revoked/superseded certificates.