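/// <summary>
/// Attempts to remove every certificate in the host OS's trusted root certificate store
/// whose subject name matches the subject name of the given certificate.
/// </summary>
/// <param name="certificate">
/// The certificate whose subject name is used to select the certificates to remove.
/// </param>
/// <exception cref="PlatformNotSupportedException">
/// Thrown on any platform other than Win32NT; no other trust store is handled here.
/// </exception>
/// <remarks>
/// Matching is done on the formatted subject string only. Thumbprint, serial number and
/// public key are not compared, so every certificate in the store that carries the same
/// subject is removed, not just the exact certificate passed in.
/// NOTE(review): the two sides of the comparison come from different APIs
/// (<c>SubjectName.Format(false)</c> and <c>SubjectDN.ToString()</c>). Confirm that both
/// render the distinguished name identically; if they differ, the certificate stays
/// trusted and this method still returns without error.
/// NOTE(review): opening LocalMachine\Root with ReadWrite normally requires
/// administrative rights - confirm how callers handle the resulting exception.
/// </remarks>
public static void UninstallCertificateInHostOsTrustStore(X509Certificate certificate)
{
    switch (Environment.OSVersion.Platform)
    {
        case PlatformID.Win32NT:
            {
                var store = new System.Security.Cryptography.X509Certificates.X509Store(
                    System.Security.Cryptography.X509Certificates.StoreName.Root,
                    System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine);

                store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);

                try
                {
                    // The subject does not change while we scan, so render it once.
                    string subjectToRemove = certificate.SubjectDN.ToString();

                    foreach (var storeCert in store.Certificates)
                    {
                        if (storeCert.SubjectName.Format(false) == subjectToRemove)
                        {
                            // Cert with same subject exists. Remove.
                            store.Remove(storeCert);
                        }
                    }
                }
                finally
                {
                    // Release the store handle even when a removal throws
                    // (for example on access denied).
                    store.Close();
                }
            }
            break;

        default:
            {
                throw new PlatformNotSupportedException("This operating system is currently unsupported.");
            }
    }
}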
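} // End Function LoadRootCertificate

/// <summary>
/// Removes <paramref name="certificate"/> from the specified certificate store, which
/// withdraws whatever trust that store granted to it.
/// </summary>
/// <param name="certificate">The certificate to remove. Must not be null.</param>
/// <param name="storeName">The store to remove the certificate from.</param>
/// <param name="storeLocation">The store location (current user or local machine) to open.</param>
/// <exception cref="System.ArgumentNullException">
/// Thrown when <paramref name="certificate"/> is null.
/// </exception>
/// <exception cref="System.Exception">
/// Thrown when the store cannot be opened for writing or the removal fails; the original
/// error is preserved as the inner exception.
/// </exception>
/// <remarks>
/// NOTE(review): a normal return only shows that no exception was raised. Callers that must
/// be certain the trust is gone should re-open the store and confirm the certificate is no
/// longer present.
/// </remarks>
public static void UninstallCertificate(
      System.Security.Cryptography.X509Certificates.X509Certificate2 certificate
    , System.Security.Cryptography.X509Certificates.StoreName storeName
    , System.Security.Cryptography.X509Certificates.StoreLocation storeLocation
    )
{
    if (certificate == null)
    {
        // ArgumentNullException derives from System.Exception, so existing handlers still
        // catch it, while the faulty argument is now identified by name.
        throw new System.ArgumentNullException(nameof(certificate),
            "Could not remove certificate as it is null or empty.");
    }

    // Disposing the store closes it, so no separate Close() call is needed.
    using (System.Security.Cryptography.X509Certificates.X509Store x509Store =
        new System.Security.Cryptography.X509Certificates.X509Store(storeName, storeLocation))
    {
        try
        {
            x509Store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.ReadWrite);
            x509Store.Remove(certificate);
        }
        catch (System.Exception e)
        {
            throw new System.Exception("Failed to remove root certificate trust "
                + $" for {storeLocation} store location. You may need admin rights.", e);
        }
    } // End Using x509Store

} // End Sub UninstallCertificate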
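/// <summary>
/// Walks every <c>StoreName</c> value, opens the corresponding certificate store and removes
/// each certificate that <c>IsSuperfishCert</c> reports as a Superfish certificate.
/// </summary>
/// <returns>
/// <c>true</c> only when at least one matching certificate was found and no removal attempt
/// threw. <c>false</c> covers both "nothing found" and "found but a removal failed", so the
/// return value alone cannot tell a clean machine from a failed clean-up; the log can.
/// </returns>
/// <remarks>
/// The <c>X509Store(StoreName)</c> constructor is used, which opens the store for the
/// current user. NOTE(review): LocalMachine stores are not opened separately here - confirm
/// that this gives the coverage the "check ALL" comment intends.
/// </remarks>
public bool Remove()
{
    bool foundSuperfishCert = false;
    bool problemDeletingCertificate = false;

    foreach (var storeValue in Enum.GetValues(typeof(System.Security.Cryptography.X509Certificates.StoreName)))
    {
        // Superfish should be in "Root" or "AuthRoot", but check ALL to be safe
        System.Security.Cryptography.X509Certificates.X509Store store =
            new System.Security.Cryptography.X509Certificates.X509Store(
                (System.Security.Cryptography.X509Certificates.StoreName)storeValue);

        store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.MaxAllowed);

        try
        {
            foreach (System.Security.Cryptography.X509Certificates.X509Certificate2 mCert in store.Certificates)
            {
                if (!IsSuperfishCert(mCert))
                {
                    continue;
                }

                foundSuperfishCert = true;
                Logging.Logger.Log(Logging.LogSeverity.Information, "Found Superfish certificate - Store: " + storeValue.ToString());

                try
                {
                    Logging.Logger.Log(Logging.LogSeverity.Information, " DELETING Certificate: " + mCert.Issuer);
                    store.Remove(mCert);
                }
                catch (Exception ex)
                {
                    // Not rethrown: the failure is recorded and logged, and the scan
                    // continues with the remaining certificates and stores.
                    problemDeletingCertificate = true;
                    Logging.Logger.Log(ex, " Exception deleting certificate: " + ex.ToString());
                }
            }
        }
        finally
        {
            // Close each store before moving on so its handle is not left open.
            store.Close();
        }
    }

    return foundSuperfishCert && !problemDeletingCertificate;
}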
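/// <summary>
/// Searches each certificate store named by the <c>StoreName</c> enumeration for
/// certificates that <c>IsSuperfishCert</c> flags, and deletes every one it finds.
/// </summary>
/// <returns>
/// <c>true</c> when one or more flagged certificates were found and every deletion
/// completed without an exception; otherwise <c>false</c>. Note that <c>false</c> is also
/// returned when no flagged certificate exists at all.
/// </returns>
/// <remarks>
/// Stores are opened through <c>X509Store(StoreName)</c>, i.e. for the current user, with
/// <c>OpenFlags.MaxAllowed</c>. NOTE(review): if the process lacks write access to a store,
/// the deletion is expected to fail inside the inner try block and be reported through
/// the log and the return value - confirm against the target platforms.
/// </remarks>
public bool Remove()
{
    bool anyFound = false;
    bool anyDeleteFailed = false;

    var storeNames = (System.Security.Cryptography.X509Certificates.StoreName[])
        Enum.GetValues(typeof(System.Security.Cryptography.X509Certificates.StoreName));

    foreach (System.Security.Cryptography.X509Certificates.StoreName storeValue in storeNames)
    {
        // Superfish should be in "Root" or "AuthRoot", but check ALL to be safe
        var store = new System.Security.Cryptography.X509Certificates.X509Store(storeValue);
        store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.MaxAllowed);

        try
        {
            foreach (System.Security.Cryptography.X509Certificates.X509Certificate2 mCert in store.Certificates)
            {
                if (IsSuperfishCert(mCert))
                {
                    anyFound = true;
                    Logging.Logger.Log(Logging.LogSeverity.Information, "Found Superfish certificate - Store: " + storeValue.ToString());

                    try
                    {
                        Logging.Logger.Log(Logging.LogSeverity.Information, " DELETING Certificate: " + mCert.Issuer);
                        store.Remove(mCert);
                    }
                    catch (Exception ex)
                    {
                        // Swallowed on purpose after logging, so that one stubborn
                        // certificate does not stop the remaining stores being cleaned.
                        anyDeleteFailed = true;
                        Logging.Logger.Log(ex, " Exception deleting certificate: " + ex.ToString());
                    }
                }
            }
        }
        finally
        {
            // The store was previously never closed; release it on every path.
            store.Close();
        }
    }

    return (anyFound && (!anyDeleteFailed));
}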