To remove unused Windows 2000 Certificate Server key pairs, you would use the Certutil.exe utility, which is available on a Windows 2000 server that has Certificate Services installed:
1. To list the installed keys, open a CMD.EXE window and type:
2. The container names for installed Certification Authorities are listed under Microsoft Base Cryptographic Provider v1.0.
3. To delete an unused container, type:
certutil -delkey <CA_Name>.