Hello, I'm working on a 2003R2 server's certificate store. In the store "trusted root CA" I noted a lot of certificates of (commercial) CAs which are expired and thus not valid. Am I correct in assuming that these certificates are not needed any more and can be deleted? I vaguely remember having read that in principle I could clear the entire "trusted root" store and it will be filled back in on demand, as soon as anyone tries to access this certificate. Is this mechanism already present in 2003R2? Regards, AngusMac

Hi, Security sub forum would be best to ask Certificate related queries, I would suggest you to ask there. http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threadsI do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

Will do, thank you.Regards, AngusMac