Hi there,
Were running a 3-Tier PKI with Win2k8 R2 and our Root and Policy CA servers are configured for offline, as added security what we did with our older Win2k3 R2 was to remove the certificate and private keys and stop the CA server for the Root and Policy using certutil. Then if we need to renew a certificate for the Root/Policy we import the Root and Policy CA keys again and restart the CA service.
However right now on our Win2k8 R2 I'm trying th do the certutil -delkey to remove the Root and Policy servers private keys before we stop the CA Service but it keeps on giving the error:
certutil -delkey "Root CA"
CertUtil: -delkey command FAILED: 0x80090016 (-2146893802)
CertUtil: Keyset does not exist
so I cannot delete the certificate and its private keys.
Can anyone please advise or suggest what might be the cause?
Thanks.
Momo