Solved

Installing Security Certificate via GPO - which format to use

Posted on 2013-12-05
4
1,324 Views
Last Modified: 2013-12-11
This is on a Windows 2008 R2 Active Directory with Windows 7 clients. I want to push out a Security Certificate via GPO. Which format should i use? I have .pem .der and .p7b. Thanks.
0
Comment
Question by:criskrit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 39698934
I recommend using .pem
0
 

Author Comment

by:criskrit
ID: 39698960
.pem doesn't seem to be a windows format. Won't this be a problem? the GPO seems to read it fine.
0
 
LVL 3

Accepted Solution

by:
cristiantm earned 350 total points
ID: 39700702
It is not a recognized windows *extension*. One thing is the extension, that gives windows a hint of what is inside. Another is the *format*.

DER is the ANS.1 data encoded in binary. PEM is a base64 encoded version this data with some headers. And p7b is a PKCS#7 certificate bundle.

You can rename the ".pem" files to .crt, .cer, and even .der, and Windows will recognize them as a certificate. And when windows opens it, it will interpret it if it is PEM or DER encoded.

Regarding which one is recommended:

A PEM certificate will be DER converted by the system before its ANS.1 data is interpreted. So you probably would better serve them already DER encoded. But really, this base conversion is not that costly so you may use any of it.

But PEM only is relevant when you need to transport it for some reason using only printable chars. Its not the case so really there is no need to use it, but not a problem if you use it too.
0
 

Author Comment

by:criskrit
ID: 39712285
Great, thanks for the detailed explanation. :-)
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question