locked
Powershell script to remove expired cert from specific issuer RRS feed

  • Question

  • I'm trying to do a script to remove a cert from workstations in the Computer Personal store that is expired and from a specific issuer,

    This works fine to remove all expired certs from the store:

            $Certs = Get-ChildItem "Cert:\LocalMachine\My" -Recurse
           Foreach($Cert in $Certs) {
                If($Cert.NotAfter -lt (Get-Date)) {
                    $Cert | Remove-Item
                }
            }


    This is what I've tried to add the issuer but I can't get it to work:

            $Certs = Get-ChildItem "Cert:\LocalMachine\My" -Recurse
           Foreach($Cert in $Certs) {
                If($Cert.NotAfter -lt (Get-Date) -and ($_.issuer -eq "Issuer Name") {
                    $Cert | Remove-Item
                }
            }

    Additionally it would be cool to be able to also base the condition on if the Certificate was issued to the FQ host name of the client but this is less important.

    Any help in the right direction is appreciated.

    Wednesday, March 18, 2020 11:14 PM

All replies

  • Get-ChildItem Cert:\LocalMachine\My | 
        Where{
            Write-Host $_.Subject $_.NotAfter -Fore Green
            $_.Issuer -match 'dsalocal.intel.com' -and
            $_.NotAfter -lt [datetime]::Now 
        } |
        Remove-Item


    \_(ツ)_/

    Wednesday, March 18, 2020 11:32 PM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Yang Yang
    Tuesday, March 24, 2020 1:56 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Yang Yang

    Monday, March 30, 2020 6:04 AM