For one build script I had to know whether certain certificate is present. It took me a while until I found Certutil. Assuming that you know a hash of desired key (and you should) command is simple:
CERTUTIL -silent -verifystore -user My e2d7b02c55d5fe76540bab384d85833376f94c13
In order to automate things you just need to extend it a bit to check exit code:
CERTUTIL -silent -verifystore -user My e2d7b02c55d5fe76540bab384d85833376f94c13
IF ERRORLEVEL 1 ECHO No certificate found.
All nice-and-dandy except that it does not work. For some reason Certutil always returns exit code 0 regardless of success. But not all is lost, command does set ERRORLEVEL environment variable (not the same thing as exit code):
CERTUTIL -silent -verifystore -user My e2d7b02c55d5fe76540bab384d85833376f94c13
IF NOT %ERRORLEVEL%==0 ECHO No certificate found.