Download deletesystemstore.exe (digitally signed)
The authenticode utility
makecert.exe
can automatically create
certificate stores using the ss switch. This may be useful for
test and development purposes. However, makecert.exe does not provide
a switch to remove stores. Certificates can be manually removed, but the store
persists.
cryptoAPI provides two alternative methods for removing unwanted stores (and the certificates
contained therein):
The following Java application DeleteSystemStore.java (converted to a win32 console application using jexegen.exe) uses the CertUnregisterSystemStore approach via J/Direct to provide this functionality. A very similar approach can be used with .net and C# using Platform-Invoke to call the win32 function.
Console Usage: deletesystemstore cert_store_name
Only deletion of CERT_SYSTEM_STORE_CURRENT_USER stores is enabled, and the user is prompted for confirmation of the deletion before the operation is carried out. Note that the associated key-containers holding the private keys are NOT deleted with this method. The keystores can be deleted, if desired using the crytoAPI function CryptAcquireContext(..) with the CRYPT_DELETEKEYSET flag.