AndreaMatesi-4823 asked DaisyZhou-MSFT commented

"certutil -oid <oid> delete" not working for custom application policy

I tried adding a new OID via certificate templates management -> application policy.

The details of the new OID that was added are below.

Name: netscape-comment
OID: 2.16.840.1.113730.1.13

Now I wish to remove it and recreate it, but unfortunately this seems not to work.

Things I've tried:
certutil -oid 2.16.840.1.113730.1.13 delete

Stopped EnterpriseCA service, tried certutil command again then started EnterpriseCA service. -> No luck

Used the command with "-delete" (i.e. instead of just "delete") - No luck.

Command Output:
C:\WINDOWS\system32>certutil -oid 2.16.840.1.113730.1.13 delete
2.16.840.1.113730.1.13 -- Netscape Comment (netscape-comment)
pwszName = Netscape Comment
CRYPT_EXT_OR_ATTR_OID_GROUP_ID (6)
dwValue = 0

2.16.840.1.113730.1.13 -- Netscape Comment (netscape-comment)
pwszName = netscape-comment
CRYPT_ENHKEY_USAGE_OID_GROUP_ID (7)
dwValue = 0
No display names

CertUtil: -oid command FAILED: 0x80070002 (WIN32: 2 ERROR_FILE_NOT_FOUND)
CertUtil: The system cannot find the file specified.

ADSI Edit -> Config -> Services -> Public Key Services -> OID -> Search for OID starting from number 3 -> Not found.

ldp.exe (same as per ADSI Edit).

regedit -> search for "netscape-comment" -> Nothing found.

I'm at a loss - help?

Rel. screenshots.

82098-certutil-oid-netscape-comment-delete-not-working.png
82099-oids.png



windows-server

Hi @AndreaMatesi-4823, in looking at your screenshots, is this an on-premises app?

EDIT: I've retagged your question under Windows Server, which I believe your issue falls under.

Regards,
Ryan

1 Vote 1 ·

Hello @AndreaMatesi-4823,

Thank you for posting here.

I have tested in my lab several times, and I have not found a way to delete the OID so far.

I will research this further, and if there is any update I will reply to you.

Thank you for your understanding and support.



Best Regards,
Daisy Zhou








0 Votes 0 ·

0 Answers