PowerShell Remotely Delete PKI Certificates
My answer is for the "Is there a smarter/simpler way to do this?" part of your question. This script was successful in removing a Go Daddy cert for me:
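# Certificate store to clean up (the trailing backslash is needed for the path built below)
$Path = 'Cert:\LocalMachine\AuthRoot\'
$CertList = @()
# Select the certificates whose issuer matches the pattern
$CertList = Get-ChildItem -Path $Path | Where-Object {$_.Issuer -like "CN=GO*"}
foreach($Cert in $CertList){
    # -WhatIf only reports what would be deleted; remove it to actually delete
    Remove-Item "$($Path)$($Cert.Thumbprint)" -Force -WhatIf
}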
I added a -WhatIf so that this code wasn't dangerous for the "copy\paste\run" folx. Now, you'll need to adapt the $Path, Where-Object, and add the $certname variable, but the above template should have you going.
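A remote variant of the template above, added here as an example and not part of the original answer: it enumerates matching certificates on each target, then deletes them only after a local -WhatIf/-Confirm check, and returns one record per certificate. It assumes PowerShell remoting (WinRM) is enabled on the targets; the function name Remove-RemoteCertificate and the host names SERVER01 and SERVER02 are hypothetical.

```powershell
function Remove-RemoteCertificate {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $IssuerPattern,   # e.g. 'CN=GO*'
        [string] $StorePath = 'Cert:\LocalMachine\AuthRoot'
    )

    # Step 1: read-only enumeration on every target. Unreachable hosts raise
    # a non-terminating error and the remaining hosts are still processed.
    $found = Invoke-Command -ComputerName $ComputerName -ErrorAction Continue -ScriptBlock {
        param($Store, $Pattern)
        Get-ChildItem -Path $Store |
            Where-Object { $_.Issuer -like $Pattern } |
            Select-Object Thumbprint, Subject, Issuer, NotAfter
    } -ArgumentList $StorePath, $IssuerPattern

    foreach ($cert in $found) {
        # PSComputerName is added by remoting to each returned object.
        $target = '{0}: {1}\{2} ({3})' -f $cert.PSComputerName, $StorePath, $cert.Thumbprint, $cert.Subject
        $status = 'Skipped'

        # Step 2: ShouldProcess evaluates -WhatIf / -Confirm locally, so no
        # delete command reaches the remote host unless it is approved.
        if ($PSCmdlet.ShouldProcess($target, 'Remove certificate')) {
            try {
                Invoke-Command -ComputerName $cert.PSComputerName -ErrorAction Stop -ScriptBlock {
                    param($Store, $Thumbprint)
                    Remove-Item -LiteralPath (Join-Path $Store $Thumbprint) -Force -ErrorAction Stop
                } -ArgumentList $StorePath, $cert.Thumbprint
                $status = 'Removed'
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }

        # One record per matching certificate, usable as a change log.
        [pscustomobject]@{
            ComputerName = $cert.PSComputerName
            Thumbprint   = $cert.Thumbprint
            Subject      = $cert.Subject
            NotAfter     = $cert.NotAfter
            Status       = $status
        }
    }
}

# Dry run against two placeholder hosts: lists matches, deletes nothing.
Remove-RemoteCertificate -ComputerName 'SERVER01', 'SERVER02' -IssuerPattern 'CN=GO*' -WhatIf
```

Review the dry-run output before rerunning without -WhatIf; ConfirmImpact is set to High, so each deletion then prompts unless -Confirm:$false is passed.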
Although I have not been able to solve the issue with the script, I was able to find a 'Smarter/Simpler' way to achieve my goal.
From the Certificate Authority:
- Rt-Click Certificate Templates and select Manage
- Rt-Click the Certificate Template you wish to replace and select Reenroll All Certificate Holders
This will increment the Version number of the template, and network systems with auto-enroll will delete the old cert and enroll with the new cert.
Though this requires auto-enrollment for the specific template I am working with, a solution to the script posted would be a preferable answer.