Usually, when certificates are renewed, the old ones are archived automatically. With the default view options you don’t even see them in the MMC. However, sometimes it is necessary to bring an archived certificate back to life.
To view archived certificates in the mmc, do the following:
- Select the root node of the certificate store
- Select View > Options from the menu (Options is not there if any other node is selected)
- Enable “Archived certificates”
Now that you see your archived certificates you can “unarchive” them using PowerShell:
You can unarchive certificates in any store location (LocalMachine, CurrentUser) and any store (My, Root, etc.). You can choose the store location by changing the first line. A list of valid store locations is available at https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509store.location
In line 2 the store is opened using the ReadWrite and IncludeArchived options. Information about these OpenFlags can be found at https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.openflags
Please note that certificates usually get archived again (when autoenrollment, reenrollment or certutil -pulse takes place).
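The procedure described above (open the store with ReadWrite and IncludeArchived, then clear the archived flag) can be written as follows. This is an added example, not the script from the original post; the store name, store location and thumbprint placeholder are assumptions to replace with your own values, and writing to a LocalMachine store requires an elevated PowerShell session.

```powershell
# Added example, not the original post's script.
# Assumptions: LocalMachine\My as the target store and a placeholder thumbprint.
$storeName     = 'My'              # store name, e.g. My, Root
$storeLocation = 'LocalMachine'    # store location: LocalMachine or CurrentUser
$thumbprint    = '<THUMBPRINT-OF-ARCHIVED-CERTIFICATE>'   # placeholder, replace

# Thumbprints copied from the MMC often contain spaces; strip them before comparing.
$thumbprint = $thumbprint -replace '\s', ''

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store($storeName, $storeLocation)
$flags = [System.Security.Cryptography.X509Certificates.OpenFlags]'ReadWrite, IncludeArchived'

try {
    # Without IncludeArchived the archived certificates are not returned at all.
    $store.Open($flags)

    # List every archived certificate so the right one can be identified first.
    $archived = @($store.Certificates | Where-Object { $_.Archived })
    $archived | Format-Table Thumbprint, NotAfter, Subject -AutoSize

    # Refuse to change anything unless exactly one archived certificate matches.
    $target = @($archived | Where-Object { $_.Thumbprint -eq $thumbprint })
    if ($target.Count -ne 1) {
        throw "Expected one archived certificate with thumbprint '$thumbprint', found $($target.Count)."
    }

    # Warn when the certificate being restored has already expired.
    if ($target[0].NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate expired on $($target[0].NotAfter)."
    }

    # Clearing the flag on a certificate that came from the store updates the store entry.
    $target[0].Archived = $false
    Write-Output "Unarchived: $($target[0].Subject)"
}
finally {
    $store.Close()
}
```

The listing step doubles as an audit of what is archived in the store; the thumbprint check keeps the script from touching a certificate other than the one intended.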