Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Installing Security Certificate via GPO - which format to use

Posted on 2013-12-05
4
Medium Priority
?
1,412 Views
Last Modified: 2013-12-11
This is on a Windows 2008 R2 Active Directory with Windows 7 clients. I want to push out a Security Certificate via GPO. Which format should i use? I have .pem .der and .p7b. Thanks.
0
Comment
Question by:criskrit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 25

Expert Comment

by:Mohammed Khawaja
ID: 39698934
I recommend using .pem
0
 

Author Comment

by:criskrit
ID: 39698960
.pem doesn't seem to be a windows format. Won't this be a problem? the GPO seems to read it fine.
0
 
LVL 3

Accepted Solution

by:
cristiantm earned 1400 total points
ID: 39700702
It is not a recognized windows *extension*. One thing is the extension, that gives windows a hint of what is inside. Another is the *format*.

DER is the ANS.1 data encoded in binary. PEM is a base64 encoded version this data with some headers. And p7b is a PKCS#7 certificate bundle.

You can rename the ".pem" files to .crt, .cer, and even .der, and Windows will recognize them as a certificate. And when windows opens it, it will interpret it if it is PEM or DER encoded.

Regarding which one is recommended:

A PEM certificate will be DER converted by the system before its ANS.1 data is interpreted. So you probably would better serve them already DER encoded. But really, this base conversion is not that costly so you may use any of it.

But PEM only is relevant when you need to transport it for some reason using only printable chars. Its not the case so really there is no need to use it, but not a problem if you use it too.
0
 

Author Comment

by:criskrit
ID: 39712285
Great, thanks for the detailed explanation. :-)
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question