Removing Security Certificates

Server Appliance Kit

The Server Appliance Kit (SAK) Web user interface (UI) provides a self-signed certificate to authenticate the server and raises an alert advising the customer to obtain a signed certificate from a certificate authority. Because this certificate is tied to the computer name of the server, a certificate created on one server is not valid on another computer. As a result, before you can create a master image of your server appliance, you must remove the default certificate created by the Web UI framework and clear the associated alert. When a new server created from that master image boots for the first time, the Web UI framework creates a new certificate for that particularly server and raises an alert for that certificate.

To delete the Administration site certificate

  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
  2. In IIS Manager, expand the local computer, and then expand Web Sites.
  3. Right-click Administration, and then click Properties.
  4. Click the Directory Security tab, and then Server Certificate.
  5. In the Web Server Certificate Wizard, click Next.
  6. Click Remove the current certificate, and then click Next.
  7. Verify that the correct certificate is being removed, and then click Next again to remove the certificate.
  8. Click Finish to close the wizard.
  9. Click Start, and then click Web Interface for Remote Administration.
  10. In the Web browser, click the Status tab, click Install new certificate, and then click Clear message

Windows Server 2003 also creates a number of additional certificates based on the server name that should be removed before you copy the master image.

To remove server certificates

  1. Click Start, and then click Run
  2. In the Open box, type mmc, and then click OK.
  3. In the Microsoft Management Console (MMC), click File, click Add/Remove Snap-in, and then click Add.
  4. In the Available Standalone Snap-ins list, click Certificates, and then click Add.
  5. When prompted for which account to manage certificates for, click Computer account, click Next, and then click Finish.
  6. In the Add Standalone Snap-in dialog box, click Close.
  7. In the Add-Remove Snap-in dialog box, click OK.
  8. In the MMC window, expand the Certificates add-in.
  9. Expand the Personal folder, and then click the Certificates folder
  10. Right-click the certificate that matches the server name, and then click Delete.
  11. Expand the Trusted Root Certification Authorities folder, and then click the Certificates subfolder.
  12. Right-click the certificate that matches the server name, and then click Delete.


  • If you restart the computer before copying the master image, the certificates will be recreated.