Remove certificates for Message Queuing

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To remove certificates for Message Queuing

  1. Open Computer Management.

  2. In the console tree, right-click Message Queuing.

    Where?

    • Computer Management/Services and Applications/Message Queuing

  3. Click Properties.

  4. In the Message Queuing Properties dialog box, click the User Certificate tab, and then under User certificates, click Remove.

  5. In the Personal Certificates dialog box, click the applicable user certificate, and then click Remove.

Notes

  • To open Computer Management, right-click My Computer, and then click Manage.

  • A list of all certificates registered for the user in Active Directory is displayed in the Personal Certificates dialog box. There might be a certificate for the same user on more than one computer, including the computer from which you are currently running the MMC snap-in. The list will take the form of domain\user, computer name.

  • You can remove any user certificate that is listed. However, if a registered certificate for a computer is removed using another computer, the certificate is removed from Active Directory, but will still exist on the local computer.

  • Active Directory sets a multi-valued attribute limit of approximately 800 user certificates for a specific user account. This limit is usually exceeded when obsolete user certificates have not been deleted from Active Directory. If multiple certificates exist for a user account (user account, computer_name), indicating obsolete entries, then only the latest certificate is used, and the others can be deleted. For example:

    • DOMAINA\user1, computer3

    • DOMAINA\user1, computer3

    • DOMAINA\user1, computer3

  • You can check which is the latest entry for DOMAINA\user1, computer3, and delete the other computer3 entries. To check the latest entry, click the required certificate, and then click View Certificate. On the Details tab, look at the Valid from field. Note that only the certificate with the most recent Valid from date is in use. The others are obsolete.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Authentication for Message Queuing
Register certificates for Message Queuing
Renew certificates for Message Queuing
Working with MMC console files