Certificate serial and thumbprint number spacing











up vote
1
down vote

favorite












We have a Microsoft PKI setup at our organization. As per just about all certificates I've ever seen, new certificates issued by our issuing CAs will put the serial number and thumbprint in a HEX format with each byte separated by a space. Recently we had an HSM upgrade, no real changes made to our CAs aside from getting them setup with the HSM. Now all new certificates are being issued with serial numbers and thumbprints, still in HEX (I see letters), but no spaces anymore.



Could this be something the HSM is doing (its a Thales device)?



Is there some place in a Microsoft PKI to change the formatting of these numbers?



Should I even care?



I know how an application uses a certificate serial/thumbprint number is specific to that application. Some require you take out the spaces and some don't. But some applications read it directly from the cert store and I wonder if the atypical format would mess them up. Are there any known issues with having the certificates issued in this format?



At the moment we haven't had any reported issues. Smart card AuthN and our SCCM workstation certs seems to be working just fine with the new certs.



I would assume the serial number and thumbprint are stored in some fixed number of bytes in the file and thus this formatting was purely a result of whatever viewer I'm using. At first I thought this may just be something new with the Windows certificate viewer and Windows 10 1809, but older certificates are still displayed with the spaces, so it doesn't appear to be the viewer that changed and I have to assume it is something with the format of the certificate file.










share|improve this question







New contributor




New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Interesting. I don't believe the HSM is involved in generating the serial numbers -- only computing the signature.
    – Mike Ounsworth
    3 hours ago










  • yes, i would agree with that....in truth i do think this is a cert viewer issue...but since i can still see old certs having spaces it has me a bit baffled
    – New Guy
    3 hours ago






  • 1




    How are you "seeing" those values? The certificates themselves should be in ASN.1, so it the actual bytes would be binary, and HEX just its representation.
    – Ángel
    3 hours ago















up vote
1
down vote

favorite












We have a Microsoft PKI setup at our organization. As per just about all certificates I've ever seen, new certificates issued by our issuing CAs will put the serial number and thumbprint in a HEX format with each byte separated by a space. Recently we had an HSM upgrade, no real changes made to our CAs aside from getting them setup with the HSM. Now all new certificates are being issued with serial numbers and thumbprints, still in HEX (I see letters), but no spaces anymore.



Could this be something the HSM is doing (its a Thales device)?



Is there some place in a Microsoft PKI to change the formatting of these numbers?



Should I even care?



I know how an application uses a certificate serial/thumbprint number is specific to that application. Some require you take out the spaces and some don't. But some applications read it directly from the cert store and I wonder if the atypical format would mess them up. Are there any known issues with having the certificates issued in this format?



At the moment we haven't had any reported issues. Smart card AuthN and our SCCM workstation certs seems to be working just fine with the new certs.



I would assume the serial number and thumbprint are stored in some fixed number of bytes in the file and thus this formatting was purely a result of whatever viewer I'm using. At first I thought this may just be something new with the Windows certificate viewer and Windows 10 1809, but older certificates are still displayed with the spaces, so it doesn't appear to be the viewer that changed and I have to assume it is something with the format of the certificate file.










share|improve this question







New contributor




New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Interesting. I don't believe the HSM is involved in generating the serial numbers -- only computing the signature.
    – Mike Ounsworth
    3 hours ago










  • yes, i would agree with that....in truth i do think this is a cert viewer issue...but since i can still see old certs having spaces it has me a bit baffled
    – New Guy
    3 hours ago






  • 1




    How are you "seeing" those values? The certificates themselves should be in ASN.1, so it the actual bytes would be binary, and HEX just its representation.
    – Ángel
    3 hours ago













up vote
1
down vote

favorite









up vote
1
down vote

favorite











We have a Microsoft PKI setup at our organization. As per just about all certificates I've ever seen, new certificates issued by our issuing CAs will put the serial number and thumbprint in a HEX format with each byte separated by a space. Recently we had an HSM upgrade, no real changes made to our CAs aside from getting them setup with the HSM. Now all new certificates are being issued with serial numbers and thumbprints, still in HEX (I see letters), but no spaces anymore.



Could this be something the HSM is doing (its a Thales device)?



Is there some place in a Microsoft PKI to change the formatting of these numbers?



Should I even care?



I know how an application uses a certificate serial/thumbprint number is specific to that application. Some require you take out the spaces and some don't. But some applications read it directly from the cert store and I wonder if the atypical format would mess them up. Are there any known issues with having the certificates issued in this format?



At the moment we haven't had any reported issues. Smart card AuthN and our SCCM workstation certs seems to be working just fine with the new certs.



I would assume the serial number and thumbprint are stored in some fixed number of bytes in the file and thus this formatting was purely a result of whatever viewer I'm using. At first I thought this may just be something new with the Windows certificate viewer and Windows 10 1809, but older certificates are still displayed with the spaces, so it doesn't appear to be the viewer that changed and I have to assume it is something with the format of the certificate file.










share|improve this question







New contributor




New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











We have a Microsoft PKI setup at our organization. As per just about all certificates I've ever seen, new certificates issued by our issuing CAs will put the serial number and thumbprint in a HEX format with each byte separated by a space. Recently we had an HSM upgrade, no real changes made to our CAs aside from getting them setup with the HSM. Now all new certificates are being issued with serial numbers and thumbprints, still in HEX (I see letters), but no spaces anymore.



Could this be something the HSM is doing (its a Thales device)?



Is there some place in a Microsoft PKI to change the formatting of these numbers?



Should I even care?



I know how an application uses a certificate serial/thumbprint number is specific to that application. Some require you take out the spaces and some don't. But some applications read it directly from the cert store and I wonder if the atypical format would mess them up. Are there any known issues with having the certificates issued in this format?



At the moment we haven't had any reported issues. Smart card AuthN and our SCCM workstation certs seems to be working just fine with the new certs.



I would assume the serial number and thumbprint are stored in some fixed number of bytes in the file and thus this formatting was purely a result of whatever viewer I'm using. At first I thought this may just be something new with the Windows certificate viewer and Windows 10 1809, but older certificates are still displayed with the spaces, so it doesn't appear to be the viewer that changed and I have to assume it is something with the format of the certificate file.







certificates public-key-infrastructure certificate-authority






share|improve this question







New contributor




New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question







New contributor




New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question






New contributor




New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 3 hours ago









New Guy

1083




1083




New contributor




New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






New Guy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • Interesting. I don't believe the HSM is involved in generating the serial numbers -- only computing the signature.
    – Mike Ounsworth
    3 hours ago










  • yes, i would agree with that....in truth i do think this is a cert viewer issue...but since i can still see old certs having spaces it has me a bit baffled
    – New Guy
    3 hours ago






  • 1




    How are you "seeing" those values? The certificates themselves should be in ASN.1, so it the actual bytes would be binary, and HEX just its representation.
    – Ángel
    3 hours ago


















  • Interesting. I don't believe the HSM is involved in generating the serial numbers -- only computing the signature.
    – Mike Ounsworth
    3 hours ago










  • yes, i would agree with that....in truth i do think this is a cert viewer issue...but since i can still see old certs having spaces it has me a bit baffled
    – New Guy
    3 hours ago






  • 1




    How are you "seeing" those values? The certificates themselves should be in ASN.1, so it the actual bytes would be binary, and HEX just its representation.
    – Ángel
    3 hours ago
















Interesting. I don't believe the HSM is involved in generating the serial numbers -- only computing the signature.
– Mike Ounsworth
3 hours ago




Interesting. I don't believe the HSM is involved in generating the serial numbers -- only computing the signature.
– Mike Ounsworth
3 hours ago












yes, i would agree with that....in truth i do think this is a cert viewer issue...but since i can still see old certs having spaces it has me a bit baffled
– New Guy
3 hours ago




yes, i would agree with that....in truth i do think this is a cert viewer issue...but since i can still see old certs having spaces it has me a bit baffled
– New Guy
3 hours ago




1




1




How are you "seeing" those values? The certificates themselves should be in ASN.1, so it the actual bytes would be binary, and HEX just its representation.
– Ángel
3 hours ago




How are you "seeing" those values? The certificates themselves should be in ASN.1, so it the actual bytes would be binary, and HEX just its representation.
– Ángel
3 hours ago










1 Answer
1






active

oldest

votes

















up vote
5
down vote



accepted










It is solely certificate viewer, nothing else. Microsoft time by time tweak/change certificate viewer. Prior to Windows 10, hex values were printed in octets separated by a space, now they removed space. Though, public keys and public key parameters are printed in octets with spaces.



The fact that you see spaces for some certs is related to certificate store. Certificate Viewer uses store-attached properties to fill fields in cert viewer. Since property value wasn't changed, it is shows as it was written (when spaces were used). Unlike certificate contents, certificate properties often use formatted strings instead of byte arrays.



I wouldn't care about this.






share|improve this answer

















  • 1




    Yes indeed that is the issue. I was just about to come back and close this question as I realized I was just mixing up a Windows 10 1607 machine RDP session and a Windows 10 1809 session. Silly me.
    – New Guy
    3 hours ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






New Guy is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f199720%2fcertificate-serial-and-thumbprint-number-spacing%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
5
down vote



accepted










It is solely certificate viewer, nothing else. Microsoft time by time tweak/change certificate viewer. Prior to Windows 10, hex values were printed in octets separated by a space, now they removed space. Though, public keys and public key parameters are printed in octets with spaces.



The fact that you see spaces for some certs is related to certificate store. Certificate Viewer uses store-attached properties to fill fields in cert viewer. Since property value wasn't changed, it is shows as it was written (when spaces were used). Unlike certificate contents, certificate properties often use formatted strings instead of byte arrays.



I wouldn't care about this.






share|improve this answer

















  • 1




    Yes indeed that is the issue. I was just about to come back and close this question as I realized I was just mixing up a Windows 10 1607 machine RDP session and a Windows 10 1809 session. Silly me.
    – New Guy
    3 hours ago















up vote
5
down vote



accepted










It is solely certificate viewer, nothing else. Microsoft time by time tweak/change certificate viewer. Prior to Windows 10, hex values were printed in octets separated by a space, now they removed space. Though, public keys and public key parameters are printed in octets with spaces.



The fact that you see spaces for some certs is related to certificate store. Certificate Viewer uses store-attached properties to fill fields in cert viewer. Since property value wasn't changed, it is shows as it was written (when spaces were used). Unlike certificate contents, certificate properties often use formatted strings instead of byte arrays.



I wouldn't care about this.






share|improve this answer

















  • 1




    Yes indeed that is the issue. I was just about to come back and close this question as I realized I was just mixing up a Windows 10 1607 machine RDP session and a Windows 10 1809 session. Silly me.
    – New Guy
    3 hours ago













up vote
5
down vote



accepted







up vote
5
down vote



accepted






It is solely certificate viewer, nothing else. Microsoft time by time tweak/change certificate viewer. Prior to Windows 10, hex values were printed in octets separated by a space, now they removed space. Though, public keys and public key parameters are printed in octets with spaces.



The fact that you see spaces for some certs is related to certificate store. Certificate Viewer uses store-attached properties to fill fields in cert viewer. Since property value wasn't changed, it is shows as it was written (when spaces were used). Unlike certificate contents, certificate properties often use formatted strings instead of byte arrays.



I wouldn't care about this.






share|improve this answer












It is solely certificate viewer, nothing else. Microsoft time by time tweak/change certificate viewer. Prior to Windows 10, hex values were printed in octets separated by a space, now they removed space. Though, public keys and public key parameters are printed in octets with spaces.



The fact that you see spaces for some certs is related to certificate store. Certificate Viewer uses store-attached properties to fill fields in cert viewer. Since property value wasn't changed, it is shows as it was written (when spaces were used). Unlike certificate contents, certificate properties often use formatted strings instead of byte arrays.



I wouldn't care about this.







share|improve this answer












share|improve this answer



share|improve this answer










answered 3 hours ago









Crypt32

2,323511




2,323511








  • 1




    Yes indeed that is the issue. I was just about to come back and close this question as I realized I was just mixing up a Windows 10 1607 machine RDP session and a Windows 10 1809 session. Silly me.
    – New Guy
    3 hours ago














  • 1




    Yes indeed that is the issue. I was just about to come back and close this question as I realized I was just mixing up a Windows 10 1607 machine RDP session and a Windows 10 1809 session. Silly me.
    – New Guy
    3 hours ago








1




1




Yes indeed that is the issue. I was just about to come back and close this question as I realized I was just mixing up a Windows 10 1607 machine RDP session and a Windows 10 1809 session. Silly me.
– New Guy
3 hours ago




Yes indeed that is the issue. I was just about to come back and close this question as I realized I was just mixing up a Windows 10 1607 machine RDP session and a Windows 10 1809 session. Silly me.
– New Guy
3 hours ago










New Guy is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















New Guy is a new contributor. Be nice, and check out our Code of Conduct.













New Guy is a new contributor. Be nice, and check out our Code of Conduct.












New Guy is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f199720%2fcertificate-serial-and-thumbprint-number-spacing%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

flock() on closed filehandle LOCK_FILE at /usr/bin/apt-mirror

Mangá

Eduardo VII do Reino Unido