Click here to Skip to main content
14,831,225 members
Please Sign up or sign in to vote.
0.00/5 (No votes)

There is some code online that is supposed to do what I'm trying to do, but it didn't work for me, trying it in the PowerShell commandline line by line.

I am trying to delete a certificate from the CurrentUser\My store, by its' thumbprint:

get-childitem cert:CurrentUser\My

(that works and lists my certificates with their respective thumbprints)

then what? how does the remove-item command works? I have tried:

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My","CurrentUser)
$thumbprint = "91110a3dd00d5a03a7c7585303fe787653cd4c14"
$cert = $store.Certificates.Find("FindByThumbprint", $thumbprint, $TRUE)
Remove-Item -Path cert:\CurrentUser\My\$cert

I get:

The item at cert:\CurrentUser\My\ has children and the Recurse parameter was not specified. If you continue, all
children will be removed with the item. Are you sure you want to continue?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):

which means I'm doing something wrong...

what's the correct syntax for remove-item to remove a specific certificate from my store?

Much thanks for any suggestions,
Updated 11-Jun-20 6:16am

$Certs = get-childitem cert:"CurrentUser\My"

$Certs | %{Remove-Item -path $_.PSPath -recurse -Force}
Ron Anoshi 5-Aug-15 4:41am
Sorry for the delayed accept, There have been much water under that bridge...
I accepted your solution since it seems correct, but have no way to check it right now.
I am running Powershell on Win2k16: 5.1.14393.3471
I could only get the following syntax to work, I had to remove "-Force" from the command in order for the loop to iterate through each item in the list. I am checking for certificates than have less than 40 days left before they expire:

Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {$_.NotAfter -lt (Get-Date).AddDays(40)} | ForEach-Object {Remove-Item -Path "Cert:\LocalMachine\Root\$($_.Thumbprint)" -Recurse -Verbose}

Also, you should issue a check for the number of certs in the "Root" store before and after the import of the sst file, using the below command:

(Get-ChildItem -Path Cert:\LocalMachine\Root).Count

I hope that saves someone a bunch of time, because I spent quite a bit of time with trail and error.

Good luck!
get-childitem cert:\CurrentUser\My | Remove-Item

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900