Uninstall-Certificate

Removes a certificate from a store for the user or machine account.

Syntax

Uninstall-Certificate -Thumbprint <String> [-WhatIf] [-Confirm] [<CommonParameters>]

Uninstall-Certificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String> [-Session <PSSession[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

Uninstall-Certificate -Thumbprint <String> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook | AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [-Session <PSSession[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

Uninstall-Certificate -Certificate <X509Certificate2> -StoreLocation {CurrentUser | LocalMachine} -CustomStoreName <String> [-Session <PSSession[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

Uninstall-Certificate -Certificate <X509Certificate2> -StoreLocation {CurrentUser | LocalMachine} -StoreName {AddressBook | AuthRoot | CertificateAuthority | Disallowed | My | Root | TrustedPeople | TrustedPublisher} [-Session <PSSession[]>] [-WhatIf] [-Confirm] [<CommonParameters>]

Description

The Uninstall-Certificate function uses .NET's certificates API to remove a certificate from a given store for the machine or current user. Use the thumbprint to identify which certificate to remove. The thumbprint is unique to each certificate. The user performing the removal must have read and write permission on the store where the certificate is located.

If the certificate isn't in the store, nothing happens, not even an error.

To uninstall a certificate from a remote computer, use the Sessionparameter, which was added in Carbon 2.1.0. You can create a new session with the New-PSSession cmdlet.

You can uninstall a certificate using just its thumbprint (this functionality is new in Carbon 2.5.0). Uninstall-Certificate will search through all certificate locations and stores and uninstall all certificates that have the thumbprint. When you enumerate all certificates over a remoting session, you get a terminating The system cannot open the device or file specified error, so you can't delete a certificate with just a thumbprint over remoting.

Parameters

Name Type Description Required? Pipeline Input Default Value
Thumbprint String

The thumbprint of the certificate to remove.

If you want to uninstall the certificate from all stores it is installed in, you can pipe the thumbprint to this parameter or you can pipe a certificate object. (This functionality was added in Carbon 2.5.0.)

true true (ByValue, ByPropertyName)
Certificate X509Certificate2

The certificate to remove

true false
StoreLocation StoreLocation

The location of the certificate's store.

true false
StoreName StoreName

The name of the certificate's store.

true false
CustomStoreName String

The name of the non-standard, custom store where the certificate should be un-installed.

true false
Session PSSession[]

Use the Session parameter to uninstall a certificate on remote computer(s) using PowerShell remoting. Use New-PSSession to create a session.

Due to a bug in PowerShell, you can't remove a certificate by just its thumbprint over remoting. Using just a thumbprint requires us to enumerate through all installed certificates. When you do this over remoting, PowerShell throws a terminating The system cannot open the device or file specified error.

This parameter was added in Carbon 2.1.0.

false false
WhatIf SwitchParameter false false
Confirm SwitchParameter false false
CommonParameters This cmdlet supports common parameters. For more information type
Get-Help about_CommonParameters.

EXAMPLE 1

Uninstall-Certificate -Thumbprint 570895470234023dsaaefdbcgbefa

Demonstrates how to delete a certificate from all stores it is installed in. Uninstall-Certificate searches every certificate stores and deletes all certificates with the given thumbprint. This functionality was added in Carbon 2.5.0.

EXAMPLE 2

'570895470234023dsaaefdbcgbefa' | Uninstall-Certificate

Demonstrates that you can pipe a thumbprint to Uninstall-Certificate. The certificate is uninstall from all stores it is in. This functionality was added in Carbon 2.5.0.

EXAMPLE 3

Get-Item -Path 'cert:\LocalMachine\My\570895470234023dsaaefdbcgbefa' | Uninstall-Certificate

Demonstrates that you can pipe a certificate Uninstall-Certificate. The certificate is uninstalled from all stores it is in. This functionality was added in Carbon 2.5.0.

EXAMPLE 4

Uninstall-Certificate -Thumbprint 570895470234023dsaaefdbcgbefa -StoreLocation CurrentUser -StoreName My

Removes the 570895470234023dsaaefdbcgbefa certificate from the current user's Personal certificate store.

EXAMPLE 5

$cert = Get-Certificate -FriendlyName 'Carbon Testing Certificate' -StoreLocation LocalMachine -StoreName Root

Uninstall-Certificate -Certificate $cert -StoreLocation LocalMachine -StoreName Root

Removes the certificate with friendly name 'Carbon Testing Certificate' from the local machine's Trusted Root Certification Authorities store.

EXAMPLE 6

Uninstall-Certificate -Thumbprint 570895470234023dsaaefdbcgbefa -StoreLocation LocalMachine -StoreName 'SharePoint'

Demonstrates how to uninstall a certificate from a custom, non-standard store.

EXAMPLE 7

Uninstall-Certificate -Thumbprint 570895470234023dsaaefdbcgbefa -StoreLocation CurrentUser -StoreName My -Session (New-PSSession -ComputerName remote1,remote2)

Demonstrates how to uninstall a certificate from a remote computer.