18.16 Add and Remove Certificates

Problem

You want to add and remove certificates in the certificate store.

Solution

To remove a certificate, use the Remove-Item cmdlet. For example, to remove temporary certificates that you create when debugging SSL websites with the Fiddler HTTP debugging proxy:

PS Cert:\CurrentUser\My > dir |
    Where Subject -like "*OU=Created by http://www.fiddler2.com" | Remove-Item

To add a certificate, use the certificate store APIs from the .NET Framework, as shown in Example 18-7.

## Adding a certificate from disk
$cert = Get-PfxCertificate <path_to_certificate>
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
    "TrustedPublisher","CurrentUser"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()

Discussion

The certificate drive provides a useful way to navigate and view certificates for the current user or local machine. For example, if your execution policy requires the use of digital signatures, the following command tells you which publishers are trusted to run scripts on your system:

Get-ChildItem cert:\CurrentUser\TrustedPublisher

If you want to remove a trusted publisher from this store, simply use the Remove-Item cmdlet to do so.

While it’s easy to remove a certificate, adding a certificate is not as easy. For example, the Get-PfxCertificate cmdlet lets you review a certificate from a file that contains it, but it doesn’t let you install it into the certificate store permanently. The .NET APIs provide the way to import the certificate for good.

For more information about retrieving certificates from the certificate provider, please see Recipe 18.14. For more information about working with classes from the .NET Framework, please see Recipe 3.8.

See Also

Recipe 3.8, “Work with .NET Objects”

Recipe 18.14, “Access User and Machine Certificates”