My new job requires company's custom CA certificate to be installed. It is ok until I'm working, but I don't want this CA certificate to be active during non-working time.
Are there any ways programmatically switch between different sets of CA certificates or maybe programmatic activation/deactivation of CA certificate?
That's really a misuse of certificates. If you've added a Root CA certificate to your trust-anchor store then you are saying that you trust that issuer. You can't trust it during the day, but not at night and weekends. You either do or you don't.
If you want to stop users accessing a service out-of-hours then disable that service or disable user accounts.
That's not to say you couldn't script something to take a certificate in or out of the trust store - PowerShell can help you on Windows for example - but it would always be a hack. What's to stop users adding the certificate back to their trust-anchor store once your script has removed it?
