[thelist] Win2K certificate store problems

[David Wagner]

This is a bit off topic, but might be fun for you NT/2000 admin types out
there:

I have inherited pooper-scooper duties for a Windows 2000 server (running
IIS 5.0).

This server has a problematic site certificate (issued by Thawte) which,
for some unknown reason, doesn't have a private key, and therefore doesn't
allow an SSL connection. If there was a backup of the key, I'd have
re-attached it and never would have noticed the real problem -- but
there's not, so I did.

The real problem is that I can't delete certificates from the certificate
store.

I right-click a certificate, select "Delete", click "OK" when it asks me
if I'm really-truly-positively sure I want to delete it, and it does
nothing. It doesn't even pretend to do anything. Selecting a certificate
and clicking the Delete button yields the same astounding lack of results.
They just won't go away, and it's not just the keyless cert; they all
appear to be stuck for eternity.

I've tried stopping the Web Publishing service and then deleting the
certs, but that doesn't seem to have any useful effect (aside from
irritating users).

Now, obviously, I'm not terribly clear on the care and handling of
certificates, but having exhausted the extensive Windows 2000 help ("To
delete a certificate, select it and click 'Delete'"), I find myself in
need of either:
1) Some magic Windows voodoo charms or mojos or something, or
2) a good smack upside the head to make it clear that I'm missing an
obvious point.

If anyone can offer either solution, I'll happily hold still long enough
to accept it. Thanks!

<tip type="Server Administration" author="David Wagner">

Immediately upon taking control of a server, back up everything in sight,
twice. Don't trust the previous admin to tell you where to find stuff --
they probably enjoy watching you squirm.

</tip>

-- 

David Wagner
dave at worlddomination.net