Remove Expired Windows Certificates

There are 2 distinct parts to any solution and they can be done independently.

  • The most important thing to figure out is how to remove the problematic certificates on the command line NOT using BigFix.
      • Don’t start with “How do I do this with BigFix?”
      • Start with “How do I do this automatically without a GUI?” (command line)
      • You really just need to know how to remove 1 of them, not all.
      • Provide the working code here.
      • Wrap it up in ActionScript and test it through BigFix.
  • The next thing to figure out is how to detect that the problematic certificates exist using BigFix Relevance.
      • This step is technically optional, but you should definitely endeavor to figure this out eventually so that you can detect when computers have this problem and when they no longer have this problem.
      • I recommend starting with an analysis that reports actual data about the situation, not just a TRUE/FALSE value.
      • The analysis and the data it collects will help determine the best way to turn that relevance into the best “applicability” relevance that returns a TRUE/FALSE value.

  • How do they appear in the GUI?
  • Can you provide (redacted) screenshots?
  • Can you find the certs in the registry?
  • Any commands that provide useful output related to this?
  • Any websites or documentation you have found that seems related and useful?

I’ll see what I can dig up that I have related to this problem.
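
A sketch of the "command line first" step described above, as an added example that is not part of the original post: it reports expired certificates in a store as data, then removes one by thumbprint. The function names, the default store, and the placeholder thumbprint are assumptions; the registry path shown is the usual location for local machine stores and does not cover certificates delivered by Group Policy.

```powershell
# Added example. Function names and the default store are assumptions.
function Get-ExpiredCertificate {
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine\My'),
        [datetime]$AsOf = (Get-Date)
    )
    foreach ($path in $StorePath) {
        $storeName = Split-Path -Path $path -Leaf
        Get-ChildItem -Path $path |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
                           $_.NotAfter -lt $AsOf } |
            Select-Object @{ n = 'Store'; e = { $path } },
                          Thumbprint, Subject, Issuer, NotAfter, HasPrivateKey,
                          # Usual registry location for local machine stores;
                          # useful when writing detection against the registry.
                          @{ n = 'RegistryPath'; e = {
                              "HKLM:\SOFTWARE\Microsoft\SystemCertificates\$storeName\Certificates\$($_.Thumbprint)" } }
    }
}

function Remove-CertificateByThumbprint {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$StorePath,
        [Parameter(Mandatory)][ValidatePattern('^[0-9A-Fa-f]{40}$')][string]$Thumbprint
    )
    $item = "$StorePath\$Thumbprint"
    if (-not (Test-Path -Path $item)) {
        Write-Warning "No certificate $Thumbprint in $StorePath"
        return
    }
    $cert = Get-Item -Path $item
    # Refuse to delete anything that is still valid.
    if ($cert.NotAfter -ge (Get-Date)) {
        throw "Certificate $Thumbprint is not expired (NotAfter: $($cert.NotAfter))"
    }
    if ($PSCmdlet.ShouldProcess("$($cert.Subject) [$Thumbprint]", 'Remove certificate')) {
        # Without -DeleteKey the certificate is removed but any private key stays on disk.
        Remove-Item -Path $item
    }
}

# 1. Report what is expired (data, not TRUE/FALSE).
Get-ExpiredCertificate | Format-Table -AutoSize

# 2. Dry-run the removal of one certificate; replace the placeholder thumbprint
#    with a value from the report and drop -WhatIf to apply.
Remove-CertificateByThumbprint -StorePath 'Cert:\LocalMachine\My' `
    -Thumbprint '0000000000000000000000000000000000000000' -WhatIf
```

Run it from an elevated prompt, since changing local machine stores requires administrator rights.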
