17

You can install certificate into certificate store using Wizard in certmgr.msc (Right click install)? Does anyone knows how to "cleanly" remove all the certificate by either using wizard/Code (pref.) /Script ?

I want to be able to remove everything (that I have installed earlier) from the LocalMachine and/or CurrentUser Store without leaving any residue.

Thanks

activebiz
  • 6,000
  • 9
  • 41
  • 64

3 Answers3

19

You could try the X509Store and releated classes in the .Net Framework to delete a certificate from the certificate store. The following code example deletes a certificate from the current user's My store:

// Use other store locations if your certificate is not in the current user store.
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadWrite | OpenFlags.IncludeArchived);

// You could also use a more specific find type such as X509FindType.FindByThumbprint
X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindBySubjectName, "yoursubjectname", false);

foreach (var cert in col)
{
  Console.Out.WriteLine(cert.SubjectName.Name);

  // Remove the certificate
  store.Remove(cert);        
}
store.Close();

BEGIN EDIT: Based on the comments in the comment section I've updated my answer with a code sample showing how to remove a certificate and all certificates in the chain:

  X509Certificate2Collection col = store.Certificates.Find(X509FindType.FindBySubjectName, "yoursubjectname", false);

  X509Chain ch = new X509Chain();
  ch.Build(col[0]);
  X509Certificate2Collection allCertsInChain = new X509Certificate2Collection();

  foreach (X509ChainElement el in ch.ChainElements)
  {
    allCertsInChain.Add(el.Certificate);
  }

  store.RemoveRange(allCertsInChain);

END EDIT

Hope, this helps.

Hans
  • 12,902
  • 2
  • 57
  • 60
  • 2
    Will it make sure it will remove all the certificates from the machine including thoese in chain ? – activebiz Oct 03 '11 at 10:30
  • ok here's another question in addition. When you install using wizard it has option "Automatically store the certificate based on the type". How would you install cert in corrosponding store in code with this? – activebiz Oct 03 '11 at 10:46
  • 1
    @activebiz: No, the Remove() function does not remove certificates in the certificate chain. I've updated my answer with a sample to show how to delete the certificates in the chain. – Hans Oct 03 '11 at 11:43
  • I found answer to the question: X509Store store = new X509Store(StoreLocation.LocalMachine); – activebiz Oct 03 '11 at 12:55
5

Old thread, but I just followed the linked post below using Win 7 and it worked nicely... Uses the Management Console.

  1. Start -> Run -> mmc.exe
  2. Click File -> "Add/Remove Snap-in"
  3. Select Certificates, click Add
  4. Select "Computer account", click Next.
  5. Select "Local computer", click Finish
  6. Click OK, which should bring you back to the MMC
  7. In left pane, expand Certificates (Local Computer)
  8. Do what you will with the listed certificates...

Source: http://windowssecrets.com/top-story/certificate-cleanup-for-most-personal-computers/

D. Dubya
  • 189
  • 1
  • 12
  • 2
    While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – nobody Jun 23 '14 at 19:14
2

You can try certmgr.exe. The following command removes a certificate with a cn of 'commoncertname ' from the local user personal\certificates store.

.\certmgr.exe -del -n commoncertname -c -s -r currentuser my

You can find more information about certmgr.exe here: http://msdn.microsoft.com/en-us/library/windows/desktop/aa376553%28v=vs.85%29.aspx

UPDATE

Duh! I can't believe I didn't try this! You can remove certificates with the following:

Get-ChildItem Cert:\CurrentUser\My | Where-Object {$_.Subject -eq 'CN=certCN'} | Remove-Item
Shay Levy
  • 121,444
  • 32
  • 184
  • 206