How to programmatically purge all certificates from the ITCM certificate store?

Article Id: 105934

Status: Published

Updated On: 10-07-2018 11:21

Products:

CA Automation Suite for Data Centers - Configuration Automation CA Client Automation - Asset Management CA Client Automation - IT Client Manager CA Client Automation CA Client Automation - Remote Control CA Client Automation - Asset Intelligence CA Client Automation - Desktop Migration Manager CA Client Automation - Patch Manager

Issue/Introduction:

This document provides the script necessary to programmatically purge all certificates from the ITCM certificate store. You may be doing this for a variety of troubleshooting purposes, likely having to do with implementation of custom ITCM certificates for securing agent communication.

Environment:

Client Automation (ITCM) -- any version.

Resolution:

Create a batch file with the following content:

echo Purge existing certificates by skid...
for /F "tokens=1-2* delims= " %%a in ('cacertutil list -v ^| findstr /I /C:SKID') do call cacertutil remove -skid:"%%c"

echo Purge existing certificates by subject...
for /F "tokens=1-2* delims= " %%a in ('cacertutil list -v ^| findstr /I /C:Subject') do call cacertutil remove -s:"%%c"

This script will run "cacertutil list -v", and individually remove each certificate by SKID or SUBJECT, until the listing is empty.

Note: These commands cannot be copy/pasted directly to the command line. They must be contained within a batch file, and executed, in order for the for loop to process as designed.