C# Delete Certificates from a Local Machine Certificates Store

Posted: April 29, 2009 in Uncategorized

The following code compiles to a command-line executable that removes a certificate from a certificate store based on certain properties of the certificates, and only when a replacement is already in place. I’ve also removed a couple of errors from the previous post.

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Collections;

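namespace storetest
{
    /// <summary>
    /// Command-line tool that removes IPsec end-system certificates issued by the
    /// old CA from the local machine's personal (My) store, but only once a
    /// replacement IPsec certificate issued by the new CA is present. Outcomes are
    /// written to the event log through <see cref="EventLogger"/>, which is defined
    /// elsewhere in the project.
    /// </summary>
    class Program
    {
        // Issuer-name fragments that identify the old and new CAs.
        // NOTE(review): a substring match on the issuer DN is loose (any DN that
        // happens to contain the text matches); pinning the issuing CA's thumbprint
        // or its exact DN would be a stronger identity check — confirm against the
        // deployed CA names before tightening.
        private static readonly string[] OldCaIssuerFragments = { "AS-L2CA", "AS-CA" };
        private const string NewCaIssuerFragment = "L1CA";

        // Text Windows produces when formatting the IPsec end-system enhanced key
        // usage (id-kp-ipsecEndSystem, OID 1.3.6.1.5.5.7.3.5). NOTE(review): matching
        // formatted display text is locale-dependent; checking the OID through
        // X509EnhancedKeyUsageExtension would be more robust — verify before changing.
        private const string IpsecEndSystemText = "IP security end system";

        /// <summary>
        /// Entry point. Enumerates the LocalMachine\My store, classifies each
        /// certificate by issuer and IPsec usage, and removes the old-CA IPsec
        /// certificates only when a new-CA IPsec certificate also exists. Every
        /// outcome is recorded in the event log (codes 1–4); any exception is
        /// reported with code 5.
        /// </summary>
        /// <param name="args">Unused.</param>
        static void Main(string[] args)
        {
            try
            {
                bool newIPSECPresent = false;
                bool oldIPSECPresent = false;
                EventLogger eLog = new EventLogger();
                // Old-CA IPsec certificates found so far; removed only if a new-CA
                // IPsec certificate is also present (use array to handle multiples).
                ArrayList oldcerts = new ArrayList();

                // Set Store object to the local machine store
                X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
                // Set suitable permission: the store has to be opened before its
                // certificates can be enumerated, and ReadWrite is needed for the
                // Remove call below. Opening the machine store for write typically
                // requires elevated rights; a failure surfaces as the code-5 log entry.
                store.Open(OpenFlags.ReadWrite);
                try
                {
                    // Loop through the certs
                    foreach (X509Certificate2 cert in store.Certificates)
                    {
                        Console.WriteLine("SubjectName:" + cert.SubjectName.Name);
                        string issuerName = cert.Issuer;
                        Console.WriteLine("IssuerName:" + issuerName);

                        // Per-certificate classification; nothing carries over between
                        // iterations, so no manual reset is needed.
                        bool oldPresent = IsFromOldCa(issuerName);
                        bool newPresent = IsFromNewCa(issuerName);
                        bool IPSECPresent = HasIpsecEndSystemUsage(cert);

                        // If its from the old ca and ipsec then we can set it to be deleted
                        if (oldPresent && IPSECPresent)
                        {
                            oldIPSECPresent = true;
                            oldcerts.Add(cert);
                        }
                        if (newPresent && IPSECPresent)
                        {
                            newIPSECPresent = true;
                        }
                    }

                    // If the old cert and the new cert exists then delete the old
                    if (newIPSECPresent && oldIPSECPresent)
                    {
                        // Loop through certificate array removing
                        foreach (X509Certificate2 oldcert in oldcerts)
                        {
                            // The log message is only truthful if the removal is
                            // actually performed against the open store.
                            store.Remove(oldcert);
                            Console.WriteLine("Removed: " + oldcert.SubjectName.Name);
                        }
                        Console.WriteLine("Certificates removed");
                        eLog.updateEventLog("TA IPSEC certificates removed", 1);
                    }
                    // If the old cert is present but the new one isnt then alert to log
                    if (!newIPSECPresent && oldIPSECPresent)
                    {
                        eLog.updateEventLog("No CI IPSEC cert so TA IPSEC cert untouched", 2);
                    }
                    if (!newIPSECPresent && !oldIPSECPresent)
                    {
                        eLog.updateEventLog("No IPSEC Certificates present", 3);
                    }
                    if (newIPSECPresent && !oldIPSECPresent)
                    {
                        eLog.updateEventLog("No TA IPSEC Certificates present", 4);
                    }
                }
                finally
                {
                    // Release the store handle whether or not the removal succeeded.
                    store.Close();
                }
            }
            catch (Exception Ex)
            {
                EventLogger eLog = new EventLogger();
                eLog.updateEventLog(Ex.Message, 5);
            }
        }

        /// <summary>
        /// True when the issuer DN contains any of the old-CA name fragments.
        /// </summary>
        /// <param name="issuerName">Issuer distinguished name as returned by <see cref="X509Certificate2.Issuer"/>.</param>
        private static bool IsFromOldCa(string issuerName)
        {
            foreach (string fragment in OldCaIssuerFragments)
            {
                if (issuerName.Contains(fragment))
                {
                    return true;
                }
            }
            return false;
        }

        /// <summary>
        /// True when the issuer DN contains the new-CA name fragment.
        /// </summary>
        /// <param name="issuerName">Issuer distinguished name as returned by <see cref="X509Certificate2.Issuer"/>.</param>
        private static bool IsFromNewCa(string issuerName)
        {
            return issuerName.Contains(NewCaIssuerFragment);
        }

        /// <summary>
        /// True when any extension of the certificate formats to text that contains
        /// the IPsec end-system usage; also echoes "IPSEC Present" to the console.
        /// </summary>
        /// <param name="cert">Certificate whose extensions are inspected.</param>
        private static bool HasIpsecEndSystemUsage(X509Certificate2 cert)
        {
            // Loop through cert extensions
            foreach (X509Extension ext in cert.Extensions)
            {
                // Is it an ipsec
                if (ext.Format(true).Contains(IpsecEndSystemText))
                {
                    Console.WriteLine("IPSEC Present");
                    return true;
                }
            }
            return false;
        }
    }
}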
