Category filter
Script to delete certificate on Windows 10 devices
Organizations may need to delete expired certificates and replace them with new ones to ensure proper functioning of the organization. Manually deleting certificates on many devices will be a tedious task. Hexnode UEM allows you to delete certificates on Windows devices remotely by executing Custom Scripts
The Sample Scripts provided below are adapted from third-party Open-Source sites.
Batch Script
To delete a certificate from LocalMachine, use the following script:
|
1 |
certutil –delstore certificatestorename Thumbprint |
To delete a certificate from CurrentUser, use the following script:
|
1 |
certutil –delstore –user certificatestorename Thumbprint |
E.g., To delete a certificate with thumbprint “8aa3c3a0a0152387f64b8392a72bd098a3a61c90” from Trusted Root Certification Authorities folder in current user.
certutil –delstore –user Root 8aa3c3a0a0152387f64b8392a72bd098a3a61c90
PowerShell Script
|
1 |
Get-ChildItem Cert:\LocalMachine\certificatestorename\Thumbprint | Remove-Item |
If you want to delete a certificate from the current user, replace LocalMachine with CurrentUser.
E.g., To delete a certificate with thumbprint “8aa3c3a0a0152387f64b8392a72bd098a3a61c90” from personal folder in local machine.
Get-ChildItem Cert:\LocalMachine\My\8aa3c3a0a0152387f64b8392a72bd098a3a61c90 | Remove-Item
- Depending on the system store you need to delete the certificate from, replace ‘
certificatestorename’ withMy,Root,CA, orTrust. - It is recommended to manually validate the script execution on a system before executing the action in bulk.
- Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.
