Click here to Skip to main content
14,355,397 members

Delete Certificate Store

Rate this:
0.00 (No votes)
Please Sign up or sign in to vote.
0.00 (No votes)
24 May 2019CPOL
This deletecertstore tool deletes certificate stores as a pendant to makecert


This article provides a tool to delete a certificate store. The tool makecert creates a certificate. It also creates a certificate store, if the store does not yet exist. It is possible to delete a certificate through the Certificates snap-in but there is no way to delete the certificate store. This article provides the command line tool deletecertstore to delete a certificate store. This tool is an extension of the code posted by Daniel Chambers in his article Removing a Windows System Certificate Store.


To see the certificates, the Certificates snap-in may be used.

File / Add/Remove Snap-in...

Image 1

Certificates Add
Computer account
Local computer

Image 2


Image 3

Certificate snap-in

Image 4

The tool makecert is usually located in the folder C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\x64. The following command creates a certificate in store Store1 at location LocalMachine for publisher name Test1:

"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\x64\makecert" 
                  -ss Store1 -sr LocalMachine -n CN=Test1 

Image 5

Refreshing the Certificates (Local Computer) node, the new store Store1 and the certificate Test1 are shown:

Image 6

By right-clicking on certificate Test1, it is possible to delete it, but it is not possible to delete the store Store1, even if it is empty. With the provided tool, it is possible to delete store Store1.

Using the Code

The project is a console application. To specify the store and location of the certificate, the same arguments -ss and -sr as makecert are used.

    if (args.Length == 4)
        var store = "";
        var location = "";
        for (var i = 0; i < 4; i += 2)
            if (args[i] == "-ss")
                store = args[i + 1];
            else if (args[i] == "-sr")
                location = args[i + 1];
                if (!",localmachine,currentuser,".Contains("," + location.ToLower() + ","))
                    throw new Exception
                        ("Parameter sr takes argument LocalMachine or CurrentUser");
                throw new Exception(string.Format("Parameter {0} is not allowed", args[i]));
        throw new Exception("usage: DeleteCertStore -ss <store>
                              -sr <localmachine currentuser="" or="">");

The Windows SDK function CertUnregisterSystemStore is used to delete the specified store.

var ok = CertUnregisterSystemStore

[DllImport("crypt32.dll", CharSet = CharSet.Unicode)]
public static extern bool CertUnregisterSystemStore(string systemStore, uint flags);


  1. Unzip project to, for example, c:\temp.
  2. Open and build project, c:\temp\DeleteCertStore\DeleteCertStore.vbproj with Visual Studio 2010 or higher. The executable, c:\temp\DeleteCertStore\bin\Debug\deletecertstore.exe will be created.
  3. Follow the above steps in the Background section to create certificate Test1 in Store1.
  4. Verify with the Certificate snap-in that certificate Test1 in Store1 has been created.
  5. Open a command prompt for example with Start/Run/cmd.
  6. c:\temp\DeleteCertStore\bin\Debug\deletecertstore -ss Store1 -sr localmachine will delete the store Store1.
  7. Refresh the Certificate snap-in and verify that Store1 is not shown.


  1. Delete certificate store specified with arguments -ss and -sr


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Alexandros Pappas
Software Developer (Senior) Unisystems
Greece Greece
No Biography provided

Comments and Discussions

-- There are no messages in this forum --
Posted 24 May 2019


3 bookmarked