Solved

Installing Security Certificate via GPO - which format to use

Posted on 2013-12-05
4
1,268 Views
Last Modified: 2013-12-11
This is on a Windows 2008 R2 Active Directory with Windows 7 clients. I want to push out a Security Certificate via GPO. Which format should i use? I have .pem .der and .p7b. Thanks.
0
Comment
Question by:criskrit
  • 2
4 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 39698934
I recommend using .pem
0
 

Author Comment

by:criskrit
ID: 39698960
.pem doesn't seem to be a windows format. Won't this be a problem? the GPO seems to read it fine.
0
 
LVL 3

Accepted Solution

by:
cristiantm earned 350 total points
ID: 39700702
It is not a recognized windows *extension*. One thing is the extension, that gives windows a hint of what is inside. Another is the *format*.

DER is the ANS.1 data encoded in binary. PEM is a base64 encoded version this data with some headers. And p7b is a PKCS#7 certificate bundle.

You can rename the ".pem" files to .crt, .cer, and even .der, and Windows will recognize them as a certificate. And when windows opens it, it will interpret it if it is PEM or DER encoded.

Regarding which one is recommended:

A PEM certificate will be DER converted by the system before its ANS.1 data is interpreted. So you probably would better serve them already DER encoded. But really, this base conversion is not that costly so you may use any of it.

But PEM only is relevant when you need to transport it for some reason using only printable chars. Its not the case so really there is no need to use it, but not a problem if you use it too.
0
 

Author Comment

by:criskrit
ID: 39712285
Great, thanks for the detailed explanation. :-)
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now