Category filter

Script to delete certificate on Windows 10 devices

Organizations may need to delete expired certificates and replace them with new ones to ensure proper functioning of the organization. Manually deleting certificates on many devices will be a tedious task. Hexnode UEM allows you to delete certificates on Windows devices remotely by executing Custom Scripts


The Sample Scripts provided below are adapted from third-party Open-Source sites.

Batch Script

To delete a certificate from LocalMachine, use the following script:

To delete a certificate from CurrentUser, use the following script:

E.g., To delete a certificate with thumbprint “8aa3c3a0a0152387f64b8392a72bd098a3a61c90” from Trusted Root Certification Authorities folder in current user.

certutil –delstore –user Root 8aa3c3a0a0152387f64b8392a72bd098a3a61c90

PowerShell Script

If you want to delete a certificate from the current user, replace LocalMachine with CurrentUser.

E.g., To delete a certificate with thumbprint “8aa3c3a0a0152387f64b8392a72bd098a3a61c90” from personal folder in local machine.

Get-ChildItem Cert:\LocalMachine\My\8aa3c3a0a0152387f64b8392a72bd098a3a61c90 | Remove-Item


  • Depending on the system store you need to delete the certificate from, replace ‘certificatestorename’ with My, Root, CA, or Trust.
  • It is recommended to manually validate the script execution on a system before executing the action in bulk.
  • Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

  • Sample Script Repository