How to programmatically purge all certificates from the ITCM certificate store?
Article ID: 105934
Updated On:
Products
CA Automation Suite for Data Centers - Configuration Automation
CA Client Automation - Asset Management
CA Client Automation - IT Client Manager
CA Client Automation
CA Client Automation - Remote Control
CA Client Automation - Asset Intelligence
CA Client Automation - Desktop Migration Manager
CA Client Automation - Patch Manager
Issue/Introduction
This document provides the script necessary to programmatically purge all certificates from the ITCM certificate store. You may be doing this for a variety of troubleshooting purposes, likely having to do with implementation of custom ITCM certificates for securing agent communication.
Environment
Client Automation (ITCM) -- any version.
Resolution
Create a batch file with the following content:
This script will run "cacertutil list -v", and individually remove each certificate by SKID or SUBJECT, until the listing is empty.
Note: These commands cannot be copy/pasted directly to the command line. They must be contained within a batch file, and executed, in order for the for loop to process as designed.
echo Purge existing certificates by skid...
for /F "tokens=1-2* delims= " %%a in ('cacertutil list -v ^| findstr /I /C:SKID') do call cacertutil remove -skid:"%%c"
echo Purge existing certificates by subject...
for /F "tokens=1-2* delims= " %%a in ('cacertutil list -v ^| findstr /I /C:Subject') do call cacertutil remove -s:"%%c"
This script will run "cacertutil list -v", and individually remove each certificate by SKID or SUBJECT, until the listing is empty.
Note: These commands cannot be copy/pasted directly to the command line. They must be contained within a batch file, and executed, in order for the for loop to process as designed.
Feedback
Yes
No
Powered by
