See attached PDF file.
Please note the attached PDF links to the SCCM 2003 toolkit, for the tool CCMDELETECERT, which is no longer available. It was replaced with CCMDELCERT, which has been deprecated as well as of SCCM 2012. However, it’s possible to achieve the same function with PowerShell.
From http://www.adamtheautomator.com/remove-certificates-powershell/
## This can be a remote PC name as well$pc = 'MyComputer'$cert_store = 'My'$store = New-Object system.security.cryptography.X509Certificates.X509Store("\$pc$cert_store",'LocalMachine')#LocalMachine could also be LocalUser$store.Open('ReadWrite')## Find all certs that have an Issuer of my old CA$certs = $store.Certificates | ? {$_.Issuer -eq 'CN=HOST.DOMAIN.COM, DC=DOMAIN, DC=EXT'}## Remove all the certs it finds$certs | % {$store.Remove($_)}
If you’re not sure what “Issuer” to specify, run “$store.Certificates | select Subject,Issuer” after the Open() call to see what issuer is associated with each certificate it finds.