Remove Expired Certs in LocalMachine\My remotely using Powershell

[Armando Torres]

Any help will be appreciated.
I have hundred of servers with Certs in the LocalMachine\My Store.
I can see the Cert opening a Session and Running Get-ChildItem cert:\Localmachine\my.
Is their a way that I removed only the Cert that are expired using a powershell script?
I have a list of servers in a text file.

I have tried this with no success:

$today = Get-Date
$session = New-PsSession -ComputerName TestServer
Invoke-Command -ComputerName $session { Get-ChildItem -Path Cert:\LocalMachine\My } | foreach { If ( $_.NotAfter -lt $today) { $_.Remove($Cert) }
}

Thanks!

[Tom]

I don't know if this is still true, but I read that the cert provider in powershell is readonly.

http://www.leeholmes.com/blog/2007/08/23/removing-certificates-from-the-certificate-store/

So you have to create a store object first.

$store = new-object system.security.cryptography.x509certificates.x509Store 'My','LocalMachine'
$store.Open('ReadWrite')

Invoke-Command [...]

$store.close

[Tom]

Since Powershell 3.0 this method should work for you

Get-ChildItem -Path cert:\LocalMachine\WebHosting -ExpiringInDays 0 | Remove-Item

https://technet.microsoft.com/en-us/library/hh847855%28v=wps.620%29.aspx

[ATG]

I am running powershell version 4.
I tried using Get-ChildItem -Path cert:\LocalMachine\My -ExpiringInDays 0 | Remove-Item; and get the following error:
Get-ChildItem : A parameter cannot be found that matches parameter name 'ExpiringInDays'.
At line:1 char:43

[Tom]

Powershell overrides the Get-Childitem cmdlet in the cert-store. So you have to set your location to cert: first.

Set-Location cert:
or
cd cert: