Request and remove a certificate using Active Directory templates
Request and remove a certificate using Active Directory templates

You can request from Powershell a certificate from your Active Directory PKI. In that case you will use the cmdlet Get-Certificate. If you already know the template you want to use (for example Enhanced Web Server), you can use this command:

Get-Certificate -Template 'EnhancedWebServer' -SubjectName "cn=mywebserver.domain.intra,c=FR" -DnsName mywebserver.domain.intra,myhome.domain.intra -CertStoreLocation Cert:\LocalMachine\My

In that example, the certificate is request to the PKI with the following info:

  • Subject :
    • CN=mywebserver.domain.intra
    • C=FR
  • SAN :
    • DNS=mywebserver.domain.intra
    • DNS=myhome.domain.intra

Installation location : Local machine certificate store

To delete the certificate created above, we need first to find the certificate thumbprint :

gci cert:\LocalMachine\my | select * | ? { $_.Subject -match "mywebserver" }

If the output is corresponding to the certificate we have previously created, note the thumbprint and run the command:

Remove-Item "cert:\LocalMachine\My\AA7D1D04FFFFFAB6C6E704FFF32DA5803C515E49" -DeleteKey -Confirm:$true
Confirm
Are you sure you want to perform this action?
Performing the operation "Remove certificate and its private key." on target "Item:LocalMachine\My\AA7D1D04FFFFFAB6C6E704FFF32DA5803C515E49 ".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

<>

My Powershell script categories

Request and remove a certificate using Active Directory templates

Leave a Reply

Your email address will not be published. Required fields are marked *