9

Using the -ss option of Microsoft tool MakeCert.exe (-ss specifies the subject's certificate store name that stores the output certificate), I create my own store on a server. I'm able to remove my certificate programmatically, but I'm not able to remove the store itself. According to the error message this does not seem to be supported by the provider.

I can't even use the MMC snap-in (certmgr.msc) to remove it. Does anybody know how to do that?

PS cert:\LocalMachine> Remove-Item .\SigningStore
Remove-Item : L'exécution du fournisseur s'est arrêtée, car le fournisseur ne prend pas en charge cette opération.
Au niveau de ligne : 1 Caractère : 12
+ Remove-Item <<<<  .\SigningStore
    + CategoryInfo          : NotImplemented: (:) [Remove-Item], PSNotSupportedException
    + FullyQualifiedErrorId : NotSupported,Microsoft.PowerShell.Commands.RemoveItemCommand

The only way I found was to use the CertUnregisterSystemStore Win32 API.

JPBlanc

4 Answers

10

I accidentally created a store called Personal and wanted to get rid of it (of course). Two personal stores to look for ughhh. Anyways, I added a certificate that I had created to that store, copied the thumbprint (and removed the spaces) and then searched the registry for the thumbprint. I discovered I could make them go away by deleting the key (in my case Personal) at [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\Personal] (if in the local machine) or at [HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Personal] if in current user. I knew that it wasn't the other one called Personal because the real personal store is actually stored as My.

EDIT: I had to remove a few other keys to solve this but basically search carefully and examine each entry that matches what you are trying to get rid of. For each match, export to a reg file and then delete and test.

This post was a bit helpful as well: http://banachowski.com/deprogramming/2011/01/deleting-unwanted-certificate-stores-from-windows/

Mike Cheel
6

Use a PowerShell cmdlet:

Remove-Item -Path cert:\LocalMachine\StoreYouWantToDelete 
stuartd
ktran
4

Read this and add-type with c# code with pinvoke (already done!) of crypt32.dll

CB.
  • Thanks @Christian, I found this one, I wrote about CertUnregisterSystemStore in my last sentence. – JPBlanc Mar 15 '12 at 08:44
  • @JPBlanc. Yes I read your last sentence but link to msdn doesn't have the pinvoke done with all flags value! Less work, more time available! :-) – CB. Mar 15 '12 at 08:58
  • Note that in LinqPad, you need to either have ``System.Runtime.InteropServices`` imported, or fully specify the DllImport, e.g. ``[System.Runtime.InteropServices.DllImport("crypt32.dll", CharSet = System.Runtime.InteropServices.CharSet.Unicode)]`` – Nathan Jun 18 '13 at 21:20
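
An added example, not code from any of the posters or from the linked page: the Add-Type P/Invoke of crypt32.dll's CertUnregisterSystemStore that this answer points to, with a check that the store is empty before it is deleted. The helper name Remove-CertStore, the Example.Crypt32 type name and the list of protected built-in stores are assumptions; the flag values are the wincrypt.h constants.

```powershell
# Added example. P/Invoke wrapper for crypt32!CertUnregisterSystemStore.
# Add-Type -MemberDefinition imports System.Runtime.InteropServices by default.
Add-Type -Namespace Example -Name Crypt32 -MemberDefinition @'
[DllImport("crypt32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool CertUnregisterSystemStore(string pvSystemStore, uint dwFlags);
'@

# Hypothetical helper: unregisters and deletes a custom system store.
function Remove-CertStore {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [ValidateSet('LocalMachine', 'CurrentUser')][string]$Location = 'LocalMachine',
        [switch]$Force
    )
    # wincrypt.h constants
    $CERT_STORE_DELETE_FLAG          = 0x00000010
    $CERT_SYSTEM_STORE_CURRENT_USER  = 0x00010000
    $CERT_SYSTEM_STORE_LOCAL_MACHINE = 0x00020000

    # Assumed guard list: never touch the stores Windows itself relies on.
    $builtin = 'My', 'Root', 'CA', 'Trust', 'Disallowed', 'AuthRoot',
               'TrustedPublisher', 'TrustedPeople'
    if ($builtin -contains $Name) { throw "Refusing to remove built-in store '$Name'." }

    $path = "cert:\$Location\$Name"
    if (-not (Test-Path $path)) { throw "Store '$path' not found." }

    # Deleting the store also discards whatever it still holds.
    $certs = @(Get-ChildItem $path)
    if ($certs.Count -gt 0 -and -not $Force) {
        throw "Store holds $($certs.Count) certificate(s); remove them first or pass -Force."
    }

    $where = if ($Location -eq 'LocalMachine') { $CERT_SYSTEM_STORE_LOCAL_MACHINE }
             else { $CERT_SYSTEM_STORE_CURRENT_USER }
    $flags = [uint32]($where -bor $CERT_STORE_DELETE_FLAG)

    if ($PSCmdlet.ShouldProcess($path, 'CertUnregisterSystemStore')) {
        if (-not [Example.Crypt32]::CertUnregisterSystemStore($Name, $flags)) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            throw (New-Object ComponentModel.Win32Exception $err)
        }
    }
}

# Dry run against the store from the question (run elevated for LocalMachine):
# Remove-CertStore -Name SigningStore -Location LocalMachine -WhatIf
```
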
0

Did you try the certificate manager tool? http://msdn.microsoft.com/en-us/library/e78byta0%28VS.80%29.aspx (see certmgr.exe /del )

David Brabant
  • Thanks, I'm able to remove a user certificate with this tool, but not a computer store. – JPBlanc Mar 15 '12 at 08:57
  • 2
    Your question is also tagged with "PowerShell". Maybe this can help you: http://dmitrysotnikov.wordpress.com/category/certificate-management/ (see Remove-QADLocalCertificateStore ) – David Brabant Mar 15 '12 at 09:27
  • 1
    @DavidBrabant Your last comment is an answer! – CB. Mar 15 '12 at 09:32