How to programmatically purge all certificates from the ITCM certificate store?

Document ID : KB000105934
Last Modified Date : 10/07/2018
Introduction:
This document provides the script necessary to programmatically purge all certificates from the ITCM certificate store. This is typically done while troubleshooting, most likely in connection with the implementation of custom ITCM certificates for securing agent communication.
Environment:
Client Automation (ITCM) -- any version.
Instructions:
Create a batch file with the following content:
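rem "tokens=1-2*" puts the first two space-delimited fields of each matching
rem line in %%a and %%b and the rest of the line in %%c, which is the value
rem passed to "cacertutil remove".
echo Purge existing certificates by skid...
for /F "tokens=1-2* delims= " %%a in ('cacertutil list -v ^| findstr /I /C:SKID') do call cacertutil remove -skid:"%%c"

echo Purge existing certificates by subject...
for /F "tokens=1-2* delims= " %%a in ('cacertutil list -v ^| findstr /I /C:Subject') do call cacertutil remove -s:"%%c"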

This script will run "cacertutil list -v", and individually remove each certificate by SKID or SUBJECT, until the listing is empty.

Note: These commands cannot be copied and pasted directly to the command line. The doubled percent signs on the loop variables (%%a, %%c) are batch-file syntax, so the commands must be saved in a batch file and executed from there for the for loop to process as designed.
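
Because the purge is destructive, it helps to record the store contents first and confirm the result afterwards. The wrapper below is an added example, not part of the original document or the product: it uses only the "cacertutil list -v" command shown above, and the file name purge_certs.bat, the output folder, and the assumption that cacertutil is on PATH and signals failure through its exit code are all hypothetical.

```bat
@echo off
setlocal
rem Added example: record the store before purging, then verify afterwards.
rem Assumptions (hypothetical): purge_certs.bat is the batch file created from
rem the commands above and sits next to this script; cacertutil is on PATH.

set "OUT_DIR=%TEMP%\itcm-cert-purge"
if not exist "%OUT_DIR%" mkdir "%OUT_DIR%"

rem Keep a listing of what was in the store. This is a record for review,
rem not a restorable backup of the certificates.
cacertutil list -v > "%OUT_DIR%\before.txt" 2>&1
if errorlevel 1 (
    echo cacertutil list failed, not purging. See "%OUT_DIR%\before.txt".
    exit /b 1
)

call "%~dp0purge_certs.bat"

rem Re-list and count the lines the purge loops would still match.
cacertutil list -v > "%OUT_DIR%\after.txt" 2>&1
set "REMAINING=0"
for /F %%n in ('findstr /I /C:SKID /C:Subject "%OUT_DIR%\after.txt" ^| find /C /V ""') do set "REMAINING=%%n"

if not "%REMAINING%"=="0" (
    echo %REMAINING% matching lines remain. See "%OUT_DIR%\after.txt".
    exit /b 2
)
echo No SKID or Subject lines remain in the listing.
exit /b 0
```

The exit code (0 empty, 1 listing failed, 2 entries remain) lets a deployment job or scheduled task detect an incomplete purge instead of relying on console output.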