Clear computer Kerberos ticket and certificate cache

Anyone who uses groups to assign permissions knows the problem: after the assignment to a new group, the permission does not take effect immediately. The usual tip is to log in again. However, if a server is authorized, e.g., for a certificate via group membership, this means restarting the server.

However, the correct solution is much simpler: purge the computer's Kerberos tickets and remove the cached entries from the certificate store. After running the appropriate commands, the new certificate can be issued.

# Clear Computer Kerberos tickets
klist -li 0x3e7 purge | Out-Null
# Clear certutil cache
certutil -f -policyserver * -policycache delete | Out-Null
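
The two commands above wrapped in a script that also checks the result, as an added example that is not part of the original post. The group name `Example-Cert-Enroll-Servers`, the `Invoke-Step` helper, and the use of `gpupdate`, `gpresult` and `certutil -pulse` for verification are assumptions; the last one only does something if certificate autoenrollment is configured for the computer.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
# $ExpectedGroup is a hypothetical name; replace it with the group the server was added to.
param([string]$ExpectedGroup = 'Example-Cert-Enroll-Servers')

# 0x3e7 is the logon ID of the LocalSystem session, which holds the computer account's tickets.
$systemLogonId = '0x3e7'

# Hypothetical helper: run a native command, keep its output, and report a non-zero exit code.
function Invoke-Step {
    param([string]$Description, [scriptblock]$Command)
    $output = & $Command 2>&1
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "$Description returned exit code ${LASTEXITCODE}:`n$($output -join "`n")"
    } else {
        Write-Host "OK: $Description"
    }
    $output
}

# 1. Drop the computer's cached tickets so the next ticket carries the current group membership.
Invoke-Step 'Purge computer Kerberos tickets' { klist -li $systemLogonId purge } | Out-Null

# 2. Remove the cached enrollment policy so certificate enrollment is evaluated again.
Invoke-Step 'Clear certutil policy cache' { certutil -f -policyserver * -policycache delete } | Out-Null

# 3. Reprocess computer policy, which makes the computer request fresh tickets.
Invoke-Step 'Refresh computer Group Policy' { gpupdate /target:computer /force } | Out-Null

# 4. Check that the expected group now appears in the computer's security groups.
$report = Invoke-Step 'Read computer policy report' { gpresult /r /scope computer }
if ($report | Select-String -SimpleMatch $ExpectedGroup) {
    Write-Host "Computer account is a member of '$ExpectedGroup'."
} else {
    Write-Warning "'$ExpectedGroup' not listed yet; check replication of the group change."
}

# 5. Trigger autoenrollment (assumption: autoenrollment is enabled for this computer).
Invoke-Step 'Trigger certificate autoenrollment' { certutil -pulse } | Out-Null
```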