
I'm updating the .cer file referenced in my end entity's AIA record. What format should I save the file in?

By default Windows allows me to save as

  • DER encoded binary X.509 (.cer)
  • Base-64 encoded X.509 (.cer)

I also have the ability to save as .P7B but don't think that's a supported choice with AIA certs.

makerofthings7

1 Answer

A Microsoft CA does its AIA publishing in DER format. (I assume that's what we're talking about here, based on the tags on the question and the fact that you're dealing with a Windows cert export dialog?)

However, with an MS CA that publishing should be automatic to AIA locations, or if you have a location the CA can't write to, you can just copy the AIA cert from a different AIA location; why are you needing to manually export this cert for publishing?

Shane Madden
  • I am manually exporting this because the intermediate server AIAs only have HTTP locations specified (no c:\ paths), and when the cert was generated the option to save to C:\ wasn't selected. My only choice is to export the existing cert and do it in the proper format. – makerofthings7 Oct 12 '12 at 16:43
  • Gotcha. There should be an AIA location to C: by default; you can add it at any time and not include it in the cert's AIA attribute. The default is `C:\Windows\system32\CertSrv\CertEnroll\_.crt` – Shane Madden Oct 12 '12 at 17:09
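An added example, not part of the thread and not Microsoft tooling: a check that an exported `.cer` is in the DER form the answer says a Microsoft CA publishes, converting the Base-64 export when it is not. The function names are hypothetical, the sample bytes are constructed (not a real certificate), and the check is structural only (outer SEQUENCE tag and length).

```python
import base64
import re

# Matches one PEM block, as written by the "Base-64 encoded X.509 (.cer)" export.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def der_total_length(data: bytes) -> int:
    """Full length (header + body) declared by the outer DER SEQUENCE."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                      # short form: length is in this octet
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def to_der(data: bytes) -> bytes:
    """Return the certificate as DER, whichever .cer export produced it."""
    if data[:1] != b"\x30":               # not binary DER, so look for PEM text
        m = PEM_RE.search(data)
        if not m:
            raise ValueError("neither DER nor PEM")
        label = m.group(1).decode()
        if label != "CERTIFICATE":        # e.g. a PKCS#7 (.p7b) export
            raise ValueError(f"PEM block is {label!r}, not a single certificate")
        data = base64.b64decode(m.group(2))   # line breaks are ignored
    if der_total_length(data) != len(data):
        raise ValueError("truncated file or trailing bytes after the certificate")
    return data

# Constructed sample: a SEQUENCE wrapping 200 dummy bytes, and its PEM form.
SAMPLE_DER = b"\x30\x81\xc8" + bytes(range(200))
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(SAMPLE_DER)
    + b"-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    print(to_der(SAMPLE_PEM) == SAMPLE_DER)
```

Write the returned bytes to the file served at the HTTP AIA location; a length mismatch usually means the file was truncated or altered in transfer.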