Get-Childitem cert:LocalMachineroot |format-list
Get-ChildItem cert:LocalMachineroot | Where {$_.NotAfter -lt (Get-Date).AddDays(40)}
rootsupd.exe /c /t: C:PSrootsupd
updroots.exe authroots.sst
updroots.exe -d delroots.sst
certutil.exe -generateSSTFromWU roots.sst
certutil -syncWithWU
. The certificates obtained in this way can be deployed on Windows clients using GPO.$sstStore = ( Get-ChildItem -Path C:psrootsupdroots.sst )
$sstStore | Import-Certificate -CertStoreLocation Cert:LocalMachineRoot
updroots.exe roots.sst
certutil -addstore -f root authroot.stl
certutil -addstore -f disallowed disallowedcert.stl
certutil.exe –generateSSTFromWU roots.sst
$sstStore = (Get-ChildItem -Path fr-dc01SYSVOLwoshub.comrootcertroots.sst )
$sstStore | Import-Certificate -CertStoreLocation Cert:LocalMachineRoot
Certutil -syncWithWU -f fr-dc01SYSVOLwoshub.comrootcert