As a part of a fresh install of Netscape Directory Server 6.x (on Windows or Solaris), a couple of dozen CA certs are installed by default. They are listed under the CA certs tab under Manage Certificates. All the names start with "Builtin Object Token" followed by the CA name like Entrust, Verisign etc.. There was no way to delete all of them at once, so I deleted them one by one. After a server restart they all came back again. I tried removing the cert7.db and key3.db files, but that did not help.
I do not want these public CAs in my database, only the internal CAs that I trust. Any pointers will be appreciated. Thanks, Aman