A Step-by-Step Guide to Remove SSL Certificate from Windows 10
Removing SSL certificates from Windows 10 is a straightforward process that ensures your system’s security settings meet your needs. Understanding how to remove SSL certificates from Windows 10 can help you manage trusted connections and protect sensitive information.
Whether you need to replace outdated certificates or troubleshoot connectivity issues, this guide provides step-by-step instructions. By following these steps, you can easily navigate the Windows Certificate Manager, find the relevant certificates, and delete them safely.
This process is essential for maintaining optimal system performance and security, ensuring that your personal data and communications remain protected.
How to Open the Certificate Manager in Windows 10
The Certificate Manager in Windows allows you to manage all SSL/TLS certificates installed on your user account or computer. This includes viewing, adding, exporting, and deleting certificates.
To open the Certificate Manager in Windows 10:
- Open Certificate Manager
- Navigate the Certificate Store
- Locate SSL Certificates
- Explore Certificate Categories
Open Certificate Manager
- Click on the Start menu.
- Type certmgr.msc in the search box and press Enter.
Navigate the Certificate Store
- The Certificate Manager snap-in will open.
- On the left side, you’ll see a folder tree. Expand the folders to navigate through the certificate stores.
Locate SSL Certificates
- The main categories under each store include Personal, Intermediate Certification Authorities, and Trusted Root Certification Authorities.
- Typically, your SSL certificates will be found in the Personal certificate store of either the Current User or Local Computer.
Once you have accessed the correct certificate store, you can view, export, or delete any of the installed certificates.
How to Export an SSL Certificate for Backup
Before deleting a certificate, it’s a good idea to export and back it up in case you need to reinstall it later.
Here’s how to export a certificate in Windows:
- Open the Certificate Manager
- Select the Certificate
- Use the Export Wizard
- Choose Export Format
- Specify File Location
- Set a Password
- Complete the Export
- Store Safely
Open the Certificate Manager
- Navigate to the Personal store within the Certificate Manager.
Select the Certificate
- Browse to the specific certificate you want to export.
- Right-click the certificate and choose All Tasks > Export.
Use the Export Wizard
- The Certificate Export Wizard will open. Click Next to proceed.
Choose Export Format
- Select the desired export file format:
- PKCS #12 (.PFX): Includes the private key and is used for importing the certificate elsewhere.
- Base-64 encoded X.509 (.CER): Does not include the private key and is typically used for sharing the public key.
- Click Next.
Specify File Location
- Choose the location and file name for the exported certificate.
- Click Next.
Set a Password
- If exporting as a .PFX file, create and confirm a password to protect the certificate.
- Click Next.
Complete the Export
- Click Finish to complete the export process.
- Your certificate is now exported with password protection.
Store Safely
- Keep the exported certificate file in a secure location in case you need to re-import it later.
How to Delete an SSL Certificate in Windows 10
Once you’ve exported the certificate for backup, you can delete the original from the certificate store.
To Delete a User Certificate
- Open the Certificate Manager and browse to the certificate in the Personal store under Current User.
- Right-click the certificate and select Delete.
- Confirm the deletion in the prompt window.
- The certificate has been removed from your user account’s store.
To Delete a Computer Certificate:
- Go to the Personal store under Local Computer instead.
- Right-click the certificate and select Delete.
- Confirm the deletion.
- The certificate has now been removed from your computer’s store.
- You may need to grant administrator permission to delete computer certificates.
Using the CertUtil Tool to Delete Certificates
The CertUtil command line program can also be used to delete certificates from the certificate store through the Windows command prompt.
To delete a certificate with CertUtil:
- Open a command prompt window as administrator.
- Type the command certutil -store NAMEOFSTORE delete CERTNAME.
- Replace NAMEOFSTORE with the certificate store such as My, CA, Root, etc.
- Replace CERTNAME with the subject name of the certificate.
- Press enter to execute the deletion.
- Run certutil -store -user MY to verify the certificate no longer exists.
CertUtil provides more options for managing certificates from the command line. Refer to the documentation for additional commands.
How to Be Clearing Your Browser to Complete Certificate Removal
Once a certificate is deleted from the Windows certificate store, there is one final step. To complete the removal process, you should also clear the SSL state in your web browser.
In Google Chrome
- Click the 3-dot menu > Settings > Privacy and Security.
- Under “Security,” click Clear browsing data.
- Check “Cached images and files” and “Cookies and other site data.”
- Set the time range to “All time.”
- Click Clear data. This wipes the browser’s SSL state.
In Mozilla Firefox:
- Click the 3-line menu > Options > Privacy & Security.
- Scroll down and click “Clear Data”.
- Select “Cookies and Site Data” and “Cached Web Content”.
- Click the “Clear” button.
In Microsoft Edge:
- Click the 3-dot menu > Settings > Privacy, search, and services.
- Under “Clear browsing data,” click Choose what to clear.
- Check Cookies and Cached data and images.
- Click Clear now.
After clearing your browser, the SSL certificate should be completely removed from your system. The browser will no longer recognize or use that certificate for secure connections.
Final Thoughts
Removing unwanted SSL certificates in Windows 10 involves using the Certificate Manager, exporting certificates first for backup, deleting them from personal stores, and then clearing your browsers with cached data, cookies, and images.
The CertUtil command line tool provides an alternate way to delete certificates from the Windows command line. Following these steps will allow you to remove SSL certificates from Windows 10 machines successfully.
Frequently Asked Questions (FAQs)
Do I need to restart my computer after deleting a certificate?
Restarting your computer is not required, but you should restart any currently open web browsers to clear the certificate from browser processes and memory fully.
Where are intermediate certificates stored in Windows?
Intermediate CA certificates are stored under Intermediate Certification Authorities in the certificate manager. They help chain trust from a leaf certificate to the root CA.
Can I delete a certificate from Chrome directly?
Chrome has its certificate store. To delete a certificate, you’ll need to go into Chrome settings, manage certificates, and delete it from there as well.
Is there a PowerShell command to delete certificates?
Yes, you can use PowerShell cmdlets like Remove-Item to delete certificates instead of the CertUtil tool.
Can I recover a deleted certificate?
You can re-import the certificate from the backup file as long as you exported it before deleting it. Otherwise, the certificate and private key are permanently deleted.
Do websites stop working if I delete their SSL certificate?
No, public websites do not use certificates installed on your local system. Their web servers have their certificates.
Where are root CA certificates stored in Windows?
Trusted root CA certificates are stored under Trusted Root Certification Authorities in the Windows certificate manager.
Jinu Arjun
