I am trying to edit a piece of found code that will allow me to delete personal certificates that are NOT the primary user's certificates. For instance, my desktop folks as well as my HR folks constantly work with customers and acquire daily a large sum of other users' digital certificates, which can be found with Certificate Manager under Certificates - Current User\Personal\Certificates. I want to target any certificate not of a specific group, but do not know enough to correctly modify the command (posted below).

What I have tried:

Get-ChildItem Cert:\CurrentUser\My |
Where{$_.Issuer -match 'Communication Server'} |
Remove-Item -WhatIf

Is the command line I found elsewhere, I can see on the second line the command is looking for certificates that are issued by 'Communication Server'. What I want to do is exclude XYZ certificates, and flush all others.
Updated 17-Apr-21 2:51am
Comments
Richard MacCutchan 17-Apr-21 4:13am    
Run the first line only (without the pipe), and that will give you the full list. You can then see what you need to filter to the delete process.

1 solution

Hello Richard,
  Thank you for your response, I ran "Get-ChildItem Cert:\CurrentUser\My" and it produced the list of certificates on a test machine.  The second line of "Where{$_.Issuer -match 'Communication Server'}" is what I need to cater to my situation.  I need the command line to not touch XYZ specific certificates, but delete all others.  Do you know what replaces .Issuer (displayed as "Issued By" in Cert Manager) to "Issued To"?  
 
 
Comments
Richard MacCutchan 17-Apr-21 11:39am    
Please do not post questions or comments as solutions, but use the Reply button above the posted message.

However, in answer to your question, you will need to filter all the certificate entries that do not contain your keyword(s). You can use the -NotMatch option of the Where clause.
Christopher Kratzner 18-Apr-21 8:10am    
Thank you for correcting me Richard, I should have paid better attention. Is it possible for me to input multiple lines of "Where{$_.IssuedTo -match '123456'}" to identify more than one certificate, or is there a way to do so in the same command line?
Richard MacCutchan 18-Apr-21 8:12am    
As with everything PowerShell there are lots of options. Take a look at Where-Object (Microsoft.PowerShell.Core) - PowerShell | Microsoft Docs.
Christopher Kratzner 19-Apr-21 13:19pm    
Thank you for the reference Richard, please bear with me, my experience with this sort of material is light and rudimentary at best. If I am interpreting the reference items correctly, what I should be inputting into the command is something along the lines of:

Where{$_.IssuedTo -NotMatch 'cert1' -and 'cert2' -and 'cert3'}

('cert#' is just hypothetical)
Richard MacCutchan 20-Apr-21 3:28am    
You cannot have multiple and expressions like that. The and operator is a binary operator and requires two operands in every place thus:
Where{$_.IssuedTo -NotMatch 'cert1' -and $_.IssuedTo -NotMatch 'cert2' -and $_.IssuedTo -NotMatch 'cert3'}
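
The keep-list filter discussed in this thread, as an added example that is not code from any of the posters. The certificate objects returned by `Get-ChildItem Cert:\` have a `Subject` property (the value behind "Issued To") and no `IssuedTo` property, and `$null -notmatch 'x'` evaluates to `$true`, so a filter on a missing property selects every certificate. The names `cert1` to `cert3` are the thread's hypothetical placeholders; `$keep`, `$keepRegex` and `$shouldRemove` are names made up for this example.

```powershell
# Added example. 'cert1'..'cert3' are the thread's hypothetical names.
$keep      = 'cert1', 'cert2', 'cert3'
# One alternation regex; Escape() makes characters such as '.' literal.
$keepRegex = ($keep | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Filter: returns $true when a certificate should be removed.
$shouldRemove = {
    param($cert)
    # Guard: $null -notmatch 'x' is $true, so a missing or misspelled
    # property would select every certificate. Never select an entry
    # that has no Subject to compare against.
    if ([string]::IsNullOrEmpty($cert.Subject)) { return $false }
    $cert.Subject -notmatch $keepRegex
}

# Constructed sample objects (not real certificates) to check the filter
# before it touches the store.
$samples = @(
    [pscustomobject]@{ Subject = 'CN=cert1, O=Example' }
    [pscustomobject]@{ Subject = 'CN=someone.else, O=Example' }
    [pscustomobject]@{ Subject = $null }
)
$samples | Where-Object { & $shouldRemove $_ } |
    ForEach-Object { "would remove: $($_.Subject)" }

# Real store: build the candidate list without deleting anything yet.
$all      = @(Get-ChildItem Cert:\CurrentUser\My)
$toRemove = @($all | Where-Object { & $shouldRemove $_ })

# If the keep-list matched nothing, assume a typo in $keep and stop.
if ($all.Count -gt 0 -and $toRemove.Count -eq $all.Count) {
    throw 'Keep-list matched no certificate; refusing to remove everything.'
}

# Review the candidates, then preview the deletion.
$toRemove | Format-Table Subject, Issuer, Thumbprint, NotAfter -AutoSize
$toRemove | Remove-Item -WhatIf   # drop -WhatIf only after reviewing the table
```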

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


