Solved

Installing Security Certificate via GPO - which format to use

Posted on 2013-12-05
4
1,241 Views
Last Modified: 2013-12-11
This is on a Windows 2008 R2 Active Directory with Windows 7 clients. I want to push out a Security Certificate via GPO. Which format should i use? I have .pem .der and .p7b. Thanks.
0
Comment
Question by:criskrit
  • 2
4 Comments
 
LVL 24

Expert Comment

by:Mohammed Khawaja
ID: 39698934
I recommend using .pem
0
 

Author Comment

by:criskrit
ID: 39698960
.pem doesn't seem to be a windows format. Won't this be a problem? the GPO seems to read it fine.
0
 
LVL 3

Accepted Solution

by:
cristiantm earned 350 total points
ID: 39700702
It is not a recognized windows *extension*. One thing is the extension, that gives windows a hint of what is inside. Another is the *format*.

DER is the ANS.1 data encoded in binary. PEM is a base64 encoded version this data with some headers. And p7b is a PKCS#7 certificate bundle.

You can rename the ".pem" files to .crt, .cer, and even .der, and Windows will recognize them as a certificate. And when windows opens it, it will interpret it if it is PEM or DER encoded.

Regarding which one is recommended:

A PEM certificate will be DER converted by the system before its ANS.1 data is interpreted. So you probably would better serve them already DER encoded. But really, this base conversion is not that costly so you may use any of it.

But PEM only is relevant when you need to transport it for some reason using only printable chars. Its not the case so really there is no need to use it, but not a problem if you use it too.
0
 

Author Comment

by:criskrit
ID: 39712285
Great, thanks for the detailed explanation. :-)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now