Stuck trying to remove the Certificate Authority role from a Windows 2019 AD domain controller

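I am trying to remove the Certificate Authority role from a Windows 2019 AD domain controller, but I am stuck at Step 5, item 4, "Delete the private key associated with the CA", of the following MS KB article:
How to decommission a Windows enterprise certification authority and remove all related objects
I can't get past the following error:

  CertUtil: -delkey command FAILED: 0x80090016 (-2146893802 NTE_BAD_KEYSET)
  CertUtil: Keyset does not exist

Can anyone tell me what I am doing wrong?
Here are my commands: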

  C:\Users\theadmin>certutil -shutdown
  CertUtil: -shutdown command completed successfully.
    
  C:\Users\theadmin>certutil -getreg CA\CSP\Provider
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\bennett-SYDDC03-CA\CSP:
    Provider REG_SZ = Microsoft Software Key Storage Provider
  CertUtil: -getreg command completed successfully.

  C:\Users\theadmin>certutil -CSP KSP -Key
  Microsoft Software Key Storage Provider:
  bennett-SYDDC03-CA-Xchg(365)
  4d183c7256e5a7ea7f353e66e42df2e3_ae2176ee-5d82-4797-a135-97e409c6ec69
  RSA
    AT_KEYEXCHANGE

  iisCngWasKey
  597367cc37b886d7ee6c493e3befb421_ae2176ee-5d82-4797-a135-97e409c6ec69
  SP800_108_CTR_HMAC
  KEY_DERIVATION

  bennett-SYDDC03-CA
  9cbcfcd7540d895eab9505d386b02142_ae2176ee-5d82-4797-a135-97e409c6ec69
  RSA
    AT_KEYEXCHANGE

  iisCngConfigurationKey
  f0e91f6485ac2d09485e4ec18135601e_ae2176ee-5d82-4797-a135-97e409c6ec69
  SP800_108_CTR_HMAC
  KEY_DERIVATION

  CertUtil: -key command completed successfully.

  C:\Users\theadmin>certutil -delkey "bennett-SYDDC03-CA"
  CertUtil: -delkey command FAILED: 0x80090016 (-2146893802 NTE_BAD_KEYSET)
  CertUtil: Keyset does not exist

  C:\Users\theadmin>certutil -delkey "bennett-SYDDC03-CA-Xchg(365)"
  CertUtil: -delkey command FAILED: 0x80090016 (-2146893802 NTE_BAD_KEYSET)
  CertUtil: Keyset does not exist

Answer 1

When you have Microsoft Software Key Storage Provider as the provider, you also need to add -CSP KSP to the delete command for it to succeed.

certutil -CSP KSP -delkey CertificateAuthorityName

In your case:

certutil -CSP KSP -delkey "bennett-SYDDC03-CA"
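
The answer's fix applied to the key listing from the question, as an added PowerShell example (not part of the original answer or the KB article): it parses `certutil -CSP KSP -Key` output, keeps only the keys named after the CA, and prints the matching `-delkey` commands for review without running them. `Get-CaKeyDeleteCommand` is a hypothetical helper name, and the container ids in the sample listing are placeholders.

```powershell
# Constructed sample: abridged `certutil -CSP KSP -key` listing in the layout shown
# in the question; the container ids are placeholders.
# On the CA host use instead:  $listing = certutil -CSP KSP -key
$listing = @'
Microsoft Software Key Storage Provider:
bennett-SYDDC03-CA-Xchg(365)
<container-id-1>
RSA
  AT_KEYEXCHANGE

iisCngWasKey
<container-id-2>
SP800_108_CTR_HMAC
KEY_DERIVATION

bennett-SYDDC03-CA
<container-id-3>
RSA
  AT_KEYEXCHANGE

CertUtil: -key command completed successfully.
'@ -split '\r?\n'

function Get-CaKeyDeleteCommand {   # hypothetical helper name
    param([string[]]$KeyListing, [string]$CaName, [string]$Provider)

    # Per the answer: with the Software KSP, -delkey needs -CSP KSP to find the key.
    # Assumption: any other provider is left on certutil's default, as in the KB step.
    $cspArg = if ($Provider -eq 'Microsoft Software Key Storage Provider') { '-CSP KSP ' } else { '' }

    $expectName = $false
    foreach ($line in $KeyListing) {
        $text = $line.Trim()
        # A blank line or the "Provider name:" header means the next line is a key name.
        if ($text -eq '' -or $text.EndsWith(':')) { $expectName = $true; continue }
        if (-not $expectName) { continue }      # container id, algorithm, key spec
        $expectName = $false
        # Keep only the CA key and its -Xchg key; IIS and other keys are skipped.
        if ($text -eq $CaName -or $text.StartsWith("${CaName}-Xchg")) {
            'certutil {0}-delkey "{1}"' -f $cspArg, $text
        }
    }
}

# Provider value as reported by `certutil -getreg CA\CSP\Provider` in the question.
Get-CaKeyDeleteCommand -KeyListing $listing -CaName 'bennett-SYDDC03-CA' `
    -Provider 'Microsoft Software Key Storage Provider'
```

The script only emits command strings, so the IIS keys that share the same provider are never touched and each deletion can be checked against the listing before it is run.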
