Clean up expired certs on a smart card

Great answer in [this blog post][1] by Alejandro Campos Magencio.

[1]: http://blogs.msdn.com/alejacma/archive/2008/10/30/how-to-clean-up-expired-certs-on-your-smart-card.aspx

1) Run the following command to get a list of certificates stored in the smart card:

certutil -scinfo > output.txt

Note: Certutil tool should be included on Windows Vista/Server 2008 by default. You may also get it from Windows Server 2003 Admin Pack, for instance. Cerutil may request the smart card PIN several times. You can safely ignore these requests by pressing Esc every time. You will finally get a dialog with a list of certificates in the card (in my particular case I got 3 certs, and one of them had already expired). Now close that dialog and wait until certutil finishes running. 2) Take a look to output.txt. For example, in my case the first cert (“Certificate 0”) was the expired one (I could see strings like “Chain on smart card is invalid”, “CERT_TRUST_IS_NOT_TIME_VALID” and “Expired certificate”). Copy its related “Key Container” value (“f6138188-3725-4c2b-8cf6-9c421d8bee69” in my case). 3) Run the following command to remove the certificate associated to the key container you copied before:

certutil -delkey -csp "Microsoft Base Smart Card Crypto Provider" "f6138188-3725-4c2b-8cf6-9c421d8bee69" Note: your smart card CSP may be different. Use yours.