diff --git a/app/Console/Commands/TrustLabCdnPurge.php b/app/Console/Commands/TrustLabCdnPurge.php
new file mode 100644
index 0000000..2d4485b
--- /dev/null
+++ b/app/Console/Commands/TrustLabCdnPurge.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Console\Commands;
+
+use Illuminate\Console\Command;
+use App\Services\OpenSslService;
+
+class TrustLabCdnPurge extends Command
+{
+    protected $signature = 'trustlab:cdn-purge {--force : Force the operation without confirmation}';
+    protected $description = 'Purge all Certification Authority assets from the CDN (Cloudflare R2)';
+
+    public function handle(OpenSslService $sslService)
+    {
+        if (!$this->option('force') && !$this->confirm('This will PERMANENTLY delete all CA files from the CDN. Continue?')) {
+            $this->info('Operation cancelled.');
+            return 0;
+        }
+
+        $this->info('Purging CDN assets...');
+        
+        try {
+            $sslService->purgeAllCaFromCdn();
+            $this->info('CDN successfully purged and local sync status reset.');
+        } catch (\Exception $e) {
+            $this->error('Purge failed: ' . $e->getMessage());
+            return 1;
+        }
+
+        return 0;
+    }
+}
diff --git a/app/Http/Controllers/Api/RootCaApiController.php b/app/Http/Controllers/Api/RootCaApiController.php
index 5a77170..4464040 100644
--- a/app/Http/Controllers/Api/RootCaApiController.php
+++ b/app/Http/Controllers/Api/RootCaApiController.php
@@ -171,6 +171,23 @@ class RootCaApiController extends Controller
         }
     }
 
+    public function purgeCdn()
+    {
+        $this->authorizeAdminOrOwner();
+        try {
+            $this->sslService->purgeAllCaFromCdn();
+            return response()->json([
+                'status' => 'success',
+                'message' => 'CDN assets purged successfully and local sync status reset.'
+            ]);
+        } catch (\Exception $e) {
+            return response()->json([
+                'status' => 'error',
+                'message' => 'Purge failed: ' . $e->getMessage()
+            ], 500);
+        }
+    }
+
     protected function authorizeAdminOrOwner()
     {
         if (!auth()->user()->isAdminOrOwner()) {
diff --git a/app/Services/OpenSslService.php b/app/Services/OpenSslService.php
index 2fc9e83..96fda63 100644
--- a/app/Services/OpenSslService.php
+++ b/app/Services/OpenSslService.php
@@ -942,4 +942,27 @@ class OpenSslService
             return false;
         }
     }
+    /**
+     * Purge everything under the 'ca/' directory on the CDN.
+     */
+    public function purgeAllCaFromCdn()
+    {
+        $disk = Storage::disk('r2-public');
+        
+        if ($disk->exists('ca')) {
+            $disk->deleteDirectory('ca');
+        }
+
+        // Reset local database sync status
+        CaCertificate::query()->update([
+            'last_synced_at' => null,
+            'cert_path' => null,
+            'der_path' => null,
+            'bat_path' => null,
+            'mac_path' => null,
+            'linux_path' => null,
+        ]);
+
+        return true;
+    }
 }
diff --git a/routes/api.php b/routes/api.php
index 254201e..ba79f57 100644
--- a/routes/api.php
+++ b/routes/api.php
@@ -61,6 +61,7 @@ Route::middleware(['auth:sanctum'])->group(function () {
         // Root CA Management (Admin Only)
         Route::get('/admin/ca-certificates', [RootCaApiController::class, 'index']);
         Route::post('/admin/ca-certificates/sync-cdn', [RootCaApiController::class, 'syncToCdn']);
+        Route::post('/admin/ca-certificates/purge-cdn', [RootCaApiController::class, 'purgeCdn']);
         Route::post('/admin/ca-certificates/sync-crt', [RootCaApiController::class, 'syncCrtOnly']);
         Route::post('/admin/ca-certificates/sync-installers', [RootCaApiController::class, 'syncInstallersOnly']);
         Route::post('/admin/ca-certificates/sync-bundles', [RootCaApiController::class, 'syncBundlesOnly']);