Contents

Method

DeleteCertificates

ModuleSecurity
LibrarySecurity
Action

Deletes every certificate in the local machine cert store (as the agent is run as Local System) with the specified thumbprint.

Parameters

Thumbprint (string): The SHA1 thumbprint of the certificate.

If the thumbprint string is copied from the Crypto API viewer in Windows, the thumbprint is preceded by a "left to right mark" (Unicode 0x200E / UTF8 surrogates 0xE2 0x80 0x8E - which can look like "‎" in a non-unicode aware editor. In a unicode aware text field this character is one pixel width but invisible on screen unless selected). The agent will handle this character if present, but please be aware of this "invisible" character if you're doing any of your own string comparison in the agent language.

Store (string; optional): The name of the store certificates are to be deleted from. It is preferred that this is the actual name of the store. If a friendly name is supplied, the agent will attempt to map it to a store name. For example, 'Personal' would be mapped to 'My'. The agent can translate a number of default store names. If the agent cannot translate the name supplied, it will attempt to use the supplied string as the actual name of the store and open it anyway. If this is not supplied, the agent will iterate through predefined system stores (and thus you may actually get multiple hits for a particular certificate if it exists in multiple stores).
Return values

Subject(string): The Subject field of the certificate. This contains the Common Name of the certificate, but may also contain other entries.

Thumbprint(string): This is a SHA1 hash of the certificate content and the certificate serial number.

StoreName(string): This is the store the certificate was retrieved from. 

DeletionTime(string): This is the time the certificate was marked for deletion. Please note that the certificate is marked as deleted - they not 'retrievable' once deleted. In Microsoft's words, ' all subsequent attempts to get or find that certificate in that store will fail' . The certificate will actually be deleted once the context's reference count reaches 0.

Example
Security.DeleteCertificates(Store: "Intermediate Certification Authorities", Thumbprint: "ff01505a76635ede2e1815cc7312e1abde0cddcc");
Platforms
  • Windows
Notes