Login/Register
How to remove a certificate Store added by makecert
Asked Answered
Solved c#powershellx509certificatewindows-server-2008-r2
S

4

11

Using the -ss option of Microsoft tool MakeCert.exe (-ss specifies the subject's certificate store name that stores the output certificate), I create my own store on a server. I'am able to remove my certificate programaticaly, but I'am not able to remove the store itself. According to the error message this not seems to be supported by the provider.

I can't even use the MMC snapin (certmgr.msc) to remove it. Does anybody know how to do that ?

PS cert:\LocalMachine> Remove-Item .\SigningStore
Remove-Item : L'exécution du fournisseur s'est arrêtée, car le fournisseur ne prend pas en charge cette opération.
Au niveau de ligne : 1 Caractère : 12
+ Remove-Item <<<<  .\SigningStore
    + CategoryInfo          : NotImplemented: (:) [Remove-Item], PSNotSupportedException
    + FullyQualifiedErrorId : NotSupported,Microsoft.PowerShell.Commands.RemoveItemCommand

The only way I found was to use CertUnregisterSystemStore Win32 API

Schizopod answered 15/3, 2012 at 8:20 Comment(2)
You wrote no comment to my answer. Is the problem already solved?Victoriavictorian
Sorry, I just do not take time to test it. I'll do it and answer.Schizopod
C
5

Read this and add-type with c# code with pinvoke (already done!) of crypt32.dll

Cassilda answered 15/3, 2012 at 8:32 Comment(3)
Thanks @Christian, I found this one, I wrote about CertUnregisterSystemStore in my last sentence.Schizopod
@JPBlanc. Yes I read you last sentence but link to msdn doesn't have the pinvoke done with all flags value! Less work, more time available! :-)Cassilda
Note that in LinqPad, you need to either have System.Runtime.InteropServices imported, or fully specify the DllImport, e.g. [System.Runtime.InteropServices.DllImport("crypt32.dll", CharSet = System.Runtime.InteropServices.CharSet.Unicode)]Ruben
A
11

I accidentally created a store called Personal and wanted to get rid of it (of course). Two personal stores to look for ughhh. Anyways, I added a certificate that I had created to that store, copied the thumbprint (and removed the spaces) and then searched the registry for the thumbprint. I discovered I could make them go away by deleting the key (in my case Personal) at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Personal] (if in the local machine) or at [HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Personal] is in current user. I knew that it wasn't the other one called Personal because the real personal store is actually stored as My.

EDIT: I had to remove a few other keys to solve this but basically search carefully and examine each entry that matches what you are trying to get rid of. For each match, export to a reg file and then delete and test.

This post was a bit helpful as well: http://banachowski.com/deprogramming/2011/01/deleting-unwanted-certificate-stores-from-windows/

Alaric answered 19/12, 2012 at 21:29 Comment(0)
C
6

Use a PowerShell cmdlet: 

Remove-Item -Path cert:\LocalMachine\StoreYouWantToDelete
Capelin answered 28/12, 2013 at 0:46 Comment(0)
C
5

Read this and add-type with c# code with pinvoke (already done!) of crypt32.dll

Cassilda answered 15/3, 2012 at 8:32 Comment(3)
Thanks @Christian, I found this one, I wrote about CertUnregisterSystemStore in my last sentence.Schizopod
@JPBlanc. Yes I read you last sentence but link to msdn doesn't have the pinvoke done with all flags value! Less work, more time available! :-)Cassilda
Note that in LinqPad, you need to either have System.Runtime.InteropServices imported, or fully specify the DllImport, e.g. [System.Runtime.InteropServices.DllImport("crypt32.dll", CharSet = System.Runtime.InteropServices.CharSet.Unicode)]Ruben
R
0

Did you try the certificate manager tool? http://msdn.microsoft.com/en-us/library/e78byta0%28VS.80%29.aspx (see certmgr.exe /del )

Rawls answered 15/3, 2012 at 8:29 Comment(3)
Thanks, I'am able to remove a user certificate with this tool, but not a computer store.Schizopod
Your question is also tagged with "PowerShell". Maybe this can help you: dmitrysotnikov.wordpress.com/category/certificate-management (see Remove-QADLocalCertificateStore )Rawls
@DavidBrabant Your last comment is an answer!Cassilda

© 2022 - 2024 — McMap. All rights reserved.