
PowerShell PKI Module Documentation


Remove-CertificatePrivateKey

Synopsis

Disassociates a certificate from its private key and deletes the physical private key material.

Syntax

Remove-CertificatePrivateKey [-Certificate] <X509Certificate2[]> [<CommonParameters>]

Description

Disassociates a certificate from its private key and deletes the physical private key material. When you delete a certificate using the Certificates MMC snap-in, the certutil.exe command-line tool, or the Remove-Item cmdlet against the Cert:\ PSDrive, only the public part of the certificate is deleted. The private key material is left on the system, which gives a false sense that the key has been destroyed. This cmdlet ensures that the physical private key material is really destroyed. A PIN prompt may appear when the private key is stored on a Smart Card or Hardware Security Module (HSM).

The function returns True if the certificate has an associated private key and the key was deleted. The function returns False if there is no associated private key.

Parameters

-Certificate <X509Certificate2[]>

Certificate object whose private key material is to be deleted.

Required? True
Position? 0
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

System.Security.Cryptography.X509Certificates.X509Certificate2

Outputs

System.Boolean

Notes

Examples

Example 1

PS C:\> Get-Item Cert:\CurrentUser\My\D5643407CD9F4B9566FB6486E3B33C08713C191D | Remove-CertificatePrivateKey

Retrieves the certificate with thumbprint 'D5643407CD9F4B9566FB6486E3B33C08713C191D' from the currently logged-on user's personal store and deletes its private key material.
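The following decommissioning sequence is an added example, not part of the module's own documentation. It deletes the key first, then removes the certificate, and records the Boolean result for audit. It assumes the module is installed under its published name PSPKI and reuses the sample thumbprint from Example 1; the `$record` object is illustrative.

```powershell
# Added example (not from the module documentation).
# Assumption: the module is installed and importable as PSPKI.
Import-Module PSPKI

# Sample thumbprint taken from Example 1 on this page.
$thumbprint = 'D5643407CD9F4B9566FB6486E3B33C08713C191D'
$path       = "Cert:\CurrentUser\My\$thumbprint"

$cert = Get-Item -Path $path -ErrorAction Stop

# Capture what is about to be destroyed before changing anything.
$record = [pscustomobject]@{
    Thumbprint    = $cert.Thumbprint
    Subject       = $cert.Subject
    NotAfter      = $cert.NotAfter
    HadPrivateKey = $cert.HasPrivateKey
    KeyDeleted    = $false
    CertRemoved   = $false
}

# Step 1: delete the key material while the certificate is still in the store.
# Removing the certificate first would leave the key behind on the system.
# Returns True if a key existed and was deleted, False if there was no key.
$record.KeyDeleted = [bool]($cert | Remove-CertificatePrivateKey -ErrorAction Stop)

# Step 2: remove the certificate (public part) from the store.
Remove-Item -Path $path -ErrorAction Stop
$record.CertRemoved = -not (Test-Path -Path $path)

# Flag the case that needs follow-up: a key was reported but not deleted.
if ($record.HadPrivateKey -and -not $record.KeyDeleted) {
    Write-Warning "Private key for $thumbprint was reported but not deleted."
}

# Emit the record so it can be piped to Export-Csv or a log.
$record
```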

Related links

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions