How to programmatically purge all certificates from the ITCM certificate store?

Article ID: 105934

Products

CA Automation Suite for Data Centers - Configuration Automation
CA Client Automation - Asset Management
CA Client Automation - IT Client Manager
CA Client Automation
CA Client Automation - Remote Control
CA Client Automation - Asset Intelligence
CA Client Automation - Desktop Migration Manager
CA Client Automation - Patch Manager

Issue/Introduction

This document provides the script needed to programmatically purge all certificates from the ITCM certificate store. You may need to do this for a variety of troubleshooting purposes, most likely related to implementing custom ITCM certificates to secure agent communication.

Environment

Client Automation (ITCM) -- any version.

Resolution

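Create a batch file with the following content:
rem First pass: find the SKID lines in the verbose listing and remove each certificate by SKID.
rem "tokens=1-2*" puts the first two space-delimited tokens in %%a and %%b and the rest of the line in %%c.
echo Purge existing certificates by skid...
for /F "tokens=1-2* delims= " %%a in ('cacertutil list -v ^| findstr /I /C:SKID') do call cacertutil remove -skid:"%%c"

rem Second pass: remove whatever is still listed, this time matching on the Subject lines.
echo Purge existing certificates by subject...
for /F "tokens=1-2* delims= " %%a in ('cacertutil list -v ^| findstr /I /C:Subject') do call cacertutil remove -s:"%%c"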

This script runs "cacertutil list -v" and removes each certificate individually, by SKID or SUBJECT, until the listing is empty.

Note: These commands cannot be copied and pasted directly to the command line. They must be saved in a batch file and executed from there for the for loop to process as designed, because the doubled percent signs in the loop variables (%%a, %%c) are batch-file syntax.
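
Because the purge removes the certificates that secure agent communication, it helps to keep a record of the store beforehand and to confirm the result afterwards. The wrapper below is an added example, not part of the original article or of the product. It assumes the script above is saved as purge_certs.cmd in the same folder (a hypothetical name), that the output file name is free to choose, and that an empty store produces no listing lines containing SKID or Subject.

```batch
@echo off
setlocal
rem Added example: record the store, run the article's purge, then verify.
rem Assumption: the article's script is saved as purge_certs.cmd beside this file.
set "PURGE=%~dp0purge_certs.cmd"
set "LOG=%~dp0cert_store_before_purge.txt"

rem Stop early if the tool or the purge script is missing.
where cacertutil >nul 2>&1
if errorlevel 1 (
  echo cacertutil was not found on PATH. Nothing was purged.
  exit /b 1
)
if not exist "%PURGE%" (
  echo Purge script "%PURGE%" was not found. Nothing was purged.
  exit /b 1
)

rem Keep the full verbose listing so the removed certificates can be identified later.
cacertutil list -v > "%LOG%" 2>&1
echo Pre-purge listing saved to "%LOG%".

rem Run the two removal loops from the article.
call "%PURGE%"

rem The article's loops key on lines containing SKID or Subject.
rem findstr returns 0 when it finds a match, so 0 here means entries remain.
cacertutil list -v | findstr /I /C:"SKID" /C:"Subject" >nul
if not errorlevel 1 (
  echo Certificates are still listed after the purge:
  cacertutil list -v
  exit /b 2
)

echo Certificate store listing is empty.
exit /b 0
```

The exit code distinguishes a run that never started (1) from a purge that left entries behind (2), which makes the wrapper usable from a deployment job.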