Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,183 questions
"certutil -oid <oid> delete" not working for custom application policy
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 17%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Andrea Matesi
1
Reputation point
I tried adding a new OID via certificate templates management -> application policy.
The new OID details that was added as per below.
Name: netscape-comment
OID: 2.16.840.1.113730.1.13
- Now I wish to remove it and recreate it but unfortunately this seems not to work.
Things I've tried:
certutil -oid 2.16.840.1.113730.1.13 delete
Stopped EnterpriseCA service, tried certutil command again then started EnterpriseCA service. -> No luck
Used the command with "-delete" (ie. instead of just "delete") - No luck.
Command Output:
C:\WINDOWS\system32>certutil -oid 2.16.840.1.113730.1.13 delete
2.16.840.1.113730.1.13 -- Netscape Comment (netscape-comment)
pwszName = Netscape Comment CRYPT_EXT_OR_ATTR_OID_GROUP_ID (6)
dwValue = 0
2.16.840.1.113730.1.13 -- Netscape Comment (netscape-comment)
pwszName = netscape-comment CRYPT_ENHKEY_USAGE_OID_GROUP_ID (7)
dwValue = 0 No display names
CertUtil: -oid command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND) CertUtil: The system cannot find the file specified.
ADSI Edit -> Config -> Services -> Public Key Services -> OID -> Search for OID starting from number 3 -> Not found.
ldp.exe (same as per ADSI Edit).
regedit -> search for "netscape-comment" -> Nothing found.
I'm at a loss - help?
Rel. screenshots.
{count} votes
-
Ryan Hill 26,056 Reputation points Microsoft Employee2021-03-29T16:41:54.45+00:00 Hi @Andrea Matesi , in looking at your screen shots, is this a on-premises app?
EDIT: I've retagged your question under Windows Server, which I believe your issue falls under.
Regards,
Ryan -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Daisy Zhou 18,716 Reputation points Microsoft Vendor2021-03-31T09:41:18.24+00:00 Hello @Andrea Matesi ,
Thank you for posting here.
I have tested in my lab several times, and I did not find the way to delete the OID currently.
And I will research later, if there is any update I will reply you.
Thank you for your understanding and support.
Best Regards,
Daisy ZhouBest Regards,
Daisy Zhou
Sign in to comment