I had an issue where a certificate template was inadvertently used for all users and machines. Creating a new request daily. For 3 months. Without overwriting the old request. Ouch.

So in my Certificate Authority MMC I saw under Issued Certificates thousands of certs that were expired and I wanted them to just go away. Enter the Admin Command Prompt (I didn’t try with powershell).

certutil -deleterow 5/10/2016 Cert
Apparently this command will only delete up to 3000 per attempt, so I had to run it a few times to get my results.