# Windows – way to quickly disable all trusted root certificates in Windows 7

ssl-certificatewindows 7

(I've posted this earlier to superuser)

I'd like to temporarily disable all trusted root certificates and wondering if there is a quicker way than going through every single one of them, right-click Properties and selecting "Disable all purposes for this certificate" (and then trying to find where I left off after the list in mmc scrolls back to the top)?

Just as @Grant mentioned, Powershell can be used to remove (effectively disabling) the certificates from the store. An export can be done prior to the removal so you can re-import them back to the store.

To export & remove from the store:

Add-Type -AssemblyName System.Security

$exportPath = 'c:\temp\certexport'$certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'

$certStore.Open('ReadWrite') foreach ($cert in $certStore.Certificates) { # Export cert to a .cer file.$certPath = Join-Path -Path $exportPath -ChildPath "$($cert.Thumbprint).cer" [System.IO.File]::WriteAllBytes($certPath, $cert.Export('Cert')) # Remove the cert from the store.$certStore.Remove($cert) }$certStore.Close()


To re-import them back to the store:

Add-Type -AssemblyName System.Security

$exportPath = 'c:\temp\certexport'$certStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'

$certStore.Open('ReadWrite') Get-ChildItem -Path$exportPath -Filter *.cer | ForEach-Object {

$cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate($_.FullName)

$certStore.Add($cert)
}
\$certStore.Close()