g.pickardou

Reputation: 35853

How to find and delete previously created certificates based on their DNS name using PowerShell?

I can create a self signed certificate with PowerShell:

$cert = New-SelfSignedCertificate -DnsName www.test.com -CertStoreLocation "cert:\LocalMachine\My"

Because this is an automated test scenario, I must allow multiple runs. Next time (which is a completely separate session) I would like to find all certificates with DNS name www.test.com and completely wipe them. There could be more than one, of course with different thumbprints, etc.

Unfortunately I cannot find any PowerShell command that removes certificates. I suppose I should query based on DNS name, then remove them in a loop...

Question

Can this task be solved entirely in PowerShell at all? (remove all certificates with a given DNS name)

Upvotes: 0

Views: 1256

Answers (2)

TheMadTechnician

Reputation: 36297

If you have PowerShell v3 or greater this becomes very simple, as PS3 introduced the -DnsName parameter to the Certificate provider options of Get-ChildItem. This will find and delete anything with the DNSName of www.test.com:

Get-ChildItem Cert:\ -Recurse -DnsName 'www.test.com' | Remove-Item

It even supports wildcards, so if you have several certificates that you need to clean up with similar names such as 'mailproxy.test.com', 'www.test.com', and 'ftp.test.com' you could run this:

Get-ChildItem Cert:\ -Recurse -DnsName '*.test.com' | Remove-Item

Upvotes: 5

bluuf

Reputation: 1001

Simple one-liner for this:

Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {$_.DnsNameList -contains 'www.domain.org'} | Remove-Item

Remove-Item is the command used to remove a certificate.

Upvotes: 1
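A scoped version of the cleanup from the two answers, as an added example that is not part of either answer: it searches only the store the question's certificate was created in (rather than recursing through every store under Cert:\), keeps only exact DNS name matches on self-signed certificates, and passes -DeleteKey so the private key is removed along with the certificate. The function name Remove-TestCertificate and its parameters are hypothetical, and an elevated session is assumed for LocalMachine stores.

```powershell
# Added example, not code from the original question or answers.
# Remove-TestCertificate and its parameter names are hypothetical.
function Remove-TestCertificate {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [string]$DnsName,

        # Store the test certificates were created in (the question uses LocalMachine\My).
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    # -DnsName is the certificate provider's dynamic parameter (PowerShell 3+).
    $candidates = Get-ChildItem -Path $StorePath -DnsName $DnsName

    foreach ($cert in $candidates) {
        # Exact match only, so a wildcard certificate that merely covers the name is kept.
        if ($cert.DnsNameList.Unicode -notcontains $DnsName) { continue }

        # Certificates from New-SelfSignedCertificate (no -Signer) have Subject equal to
        # Issuer; anything issued by a CA is left alone.
        if ($cert.Subject -ne $cert.Issuer) {
            Write-Verbose "Skipping $($cert.Thumbprint): not self-signed"
            continue
        }

        $target = "$($cert.Subject) [$($cert.Thumbprint)]"
        if ($PSCmdlet.ShouldProcess($target, 'Remove certificate and private key')) {
            $removeArgs = @{ LiteralPath = $cert.PSPath }
            # Without -DeleteKey the private key stays behind in the key store.
            if ($cert.HasPrivateKey) { $removeArgs.DeleteKey = $true }
            Remove-Item @removeArgs
            $cert.Thumbprint   # emit the thumbprint of each removed certificate
        }
    }
}

# Preview what would be removed, then delete without prompting in the automated run.
Remove-TestCertificate -DnsName 'www.test.com' -WhatIf
Remove-TestCertificate -DnsName 'www.test.com' -Confirm:$false
```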
