Certificate serial and thumbprint number spacing












We have a Microsoft PKI setup at our organization. As per just about all certificates I've ever seen, new certificates issued by our issuing CAs will put the serial number and thumbprint in a HEX format with each byte separated by a space. Recently we had an HSM upgrade, no real changes made to our CAs aside from getting them set up with the HSM. Now all new certificates are being issued with serial numbers and thumbprints, still in HEX (I see letters), but no spaces anymore.

Could this be something the HSM is doing (it's a Thales device)?

Is there some place in a Microsoft PKI to change the formatting of these numbers?

Should I even care?

I know how an application uses a certificate serial/thumbprint number is specific to that application. Some require you take out the spaces and some don't. But some applications read it directly from the cert store and I wonder if the atypical format would mess them up. Are there any known issues with having the certificates issued in this format?

At the moment we haven't had any reported issues. Smart card AuthN and our SCCM workstation certs seem to be working just fine with the new certs.

I would assume the serial number and thumbprint are stored in some fixed number of bytes in the file and thus this formatting was purely a result of whatever viewer I'm using. At first I thought this may just be something new with the Windows certificate viewer and Windows 10 1809, but older certificates are still displayed with the spaces, so it doesn't appear to be the viewer that changed and I have to assume it is something with the format of the certificate file.







certificates public-key-infrastructure certificate-authority






asked Dec 13 '18 at 20:49









New Guy













  • Interesting. I don't believe the HSM is involved in generating the serial numbers -- only computing the signature.

    – Mike Ounsworth
    Dec 13 '18 at 21:09

  • Yes, I would agree with that... in truth I do think this is a cert viewer issue... but since I can still see old certs having spaces it has me a bit baffled.

    – New Guy
    Dec 13 '18 at 21:30

  • How are you "seeing" those values? The certificates themselves should be in ASN.1, so the actual bytes would be binary, and HEX just its representation.

    – Ángel
    Dec 13 '18 at 21:36



















1 Answer
It is solely the certificate viewer, nothing else. Microsoft tweaks/changes the certificate viewer from time to time. Prior to Windows 10, hex values were printed in octets separated by a space; now they have removed the space. Though, public keys and public key parameters are printed in octets with spaces.

The fact that you see spaces for some certs is related to the certificate store. Certificate Viewer uses store-attached properties to fill fields in the cert viewer. Since the property value wasn't changed, it is shown as it was written (when spaces were used). Unlike certificate contents, certificate properties often use formatted strings instead of byte arrays.

I wouldn't care about this.







answered Dec 13 '18 at 21:36









Crypt32








  • Yes indeed that is the issue. I was just about to come back and close this question as I realized I was just mixing up a Windows 10 1607 machine RDP session and a Windows 10 1809 session. Silly me.

    – New Guy
    Dec 13 '18 at 21:43
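
The answer's point, that the serial number and thumbprint are bytes and the spacing exists only in how a viewer renders them, shown as an added example (not code from this thread). `SAMPLE_DER` is a constructed, truncated certificate-shaped blob, and every function name here is hypothetical.

```python
import hashlib
import unicodedata

# Constructed sample: a truncated, certificate-shaped DER blob carrying only
# version and serialNumber. It is not a valid certificate.
SAMPLE_DER = bytes.fromhex("30123010a0030201020209610a2b00000000001c")


def read_tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length


def serial_bytes(der):
    """Raw serialNumber bytes as stored in the certificate's DER encoding."""
    tag, pos, _ = read_tlv(der, 0)        # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("Certificate is not a SEQUENCE")
    tag, pos, _ = read_tlv(der, pos)      # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:                       # optional [0] EXPLICIT version
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return der[start:end]


def thumbprint_bytes(der):
    """The Windows thumbprint is the SHA-1 digest of the whole DER encoding."""
    return hashlib.sha1(der).digest()


def views(raw):
    """The same bytes in the spaced and the unspaced rendering."""
    return raw.hex(" "), raw.hex()


def normalize(text):
    """Canonical upper-case hex, whatever separators a viewer or paste added."""
    kept = "".join(
        c for c in text
        if not (c.isspace() or c in ":-" or unicodedata.category(c) == "Cf")
    ).upper()
    if not kept or len(kept) % 2 or set(kept) - set("0123456789ABCDEF"):
        raise ValueError("not a hex identifier: %r" % text)
    return kept
```

An application that compares `normalize()` output, or the raw bytes, is unaffected by which rendering the viewer happens to use.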













