
Delete Certificate Store

24 May 2019, CPOL, 2 min read
The deletecertstore tool deletes certificate stores, as a counterpart to makecert.

Introduction

This article provides a tool to delete a certificate store. The tool makecert creates a certificate. It also creates a certificate store, if the store does not yet exist. It is possible to delete a certificate through the Certificates snap-in but there is no way to delete the certificate store. This article provides the command line tool deletecertstore to delete a certificate store. This tool is an extension of the code posted by Daniel Chambers in his article Removing a Windows System Certificate Store.

Background

To see the certificates, the Certificates snap-in may be used.

  1. Run mmc.
  2. Select File / Add/Remove Snap-in...
  3. Select Certificates and click Add.
  4. Choose Computer account.
  5. Choose Local computer.
  6. Click Finish.
  7. Click OK.

The Certificates snap-in is then shown.

The tool makecert is usually located in the folder C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\x64. The following command creates a certificate in store Store1 at location LocalMachine for publisher name Test1:

"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\x64\makecert" -ss Store1 -sr LocalMachine -n CN=Test1

Refreshing the Certificates (Local Computer) node, the new store Store1 and the certificate Test1 are shown:


By right-clicking on certificate Test1, it is possible to delete it, but it is not possible to delete the store Store1, even if it is empty. With the provided tool, it is possible to delete store Store1.

Using the Code

The project is a console application. To specify the store and location of the certificate, the same arguments -ss and -sr as makecert are used.

C#
static void Main(string[] args)
{
    // Expect exactly two option/value pairs: -ss <store> and -sr <location>
    if (args.Length == 4)
    {
        var store = "";
        var location = "";
        for (var i = 0; i < 4; i += 2)
        {
            if (args[i] == "-ss")
                store = args[i + 1];
            else if (args[i] == "-sr")
            {
                location = args[i + 1];
                // Only LocalMachine and CurrentUser are accepted (case-insensitive)
                if (!",localmachine,currentuser,".Contains("," + location.ToLower() + ","))
                    throw new Exception
                        ("Parameter sr takes argument LocalMachine or CurrentUser");
            }
            else
                throw new Exception(string.Format("Parameter {0} is not allowed", args[i]));
        }
        // ...
    }
    else
        throw new Exception("usage: DeleteCertStore -ss <store> -sr <localmachine or currentuser>");
}

The Windows SDK function CertUnregisterSystemStore is used to delete the specified store.

C#
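using System.Runtime.InteropServices;
...
// Returns false if the store could not be deleted
var ok = CertUnregisterSystemStore
         (store, CERT_STORE_DELETE_FLAG | CERT_SYSTEM_STORE_LOCATION);
...

// P/Invoke declaration of the crypt32.dll function
[DllImport("crypt32.dll", CharSet = CharSet.Unicode)]
public static extern bool CertUnregisterSystemStore(string systemStore, uint flags);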

Walkthrough

  1. Unzip project to, for example, c:\temp.
  2. Open and build project, c:\temp\DeleteCertStore\DeleteCertStore.vbproj with Visual Studio 2010 or higher. The executable, c:\temp\DeleteCertStore\bin\Debug\deletecertstore.exe will be created.
  3. Follow the above steps in the Background section to create certificate Test1 in Store1.
  4. Verify with the Certificate snap-in that certificate Test1 in Store1 has been created.
  5. Open a command prompt for example with Start/Run/cmd.
  6. c:\temp\DeleteCertStore\bin\Debug\deletecertstore -ss Store1 -sr localmachine will delete the store Store1.
  7. Refresh the Certificate snap-in and verify that Store1 is not shown.

History

  1. Delete certificate store specified with arguments -ss and -sr

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)