We knew it had to come to this. All these posts about examining .cer files, scanning for certificates being served on :443, and auditing the LocalComputer\My certificate store. We knew there had to come a time when we programmatically import and remove certificates.
And right after that, we know we will unwittingly shoot ourselves in the foot full-auto.
Still, it has to be done. Here’s a library of functions that will import and delete certificates, as well as display the Root CA for a given certificate. Hey, that last one is a read-only operation, so it’s mostly harmless. (Yes, I remember to $store.Close()…)
Remember: With great power comes great responsibility.