Working with certificates


I never claim to know everything about certificates but I do feel I know a fair amount. In working with a customer issue we had some questions on whether the certificate would be trusted by the PIC partners given the intermediate authorities. When asking one of the partners to look I simply provided the cert we had, both in the P7b (entire certificate chain) and then an export of the specific cert as a cer file. The partner wanted an X509 text version which I didn't know how to generate so I played around.

The wizard for exporting defaults to DER encoded binary X.509 (.CER) which has always worked for what I need but that is because I can install the cert and use a few certutil commands to verify the certificate. Turns out if you use the second option of Base-64 encoded X.509 (.CER) you can also open it in a text editor. The format will be as below

-----BEGIN CERTIFICATE-----
...<removing actual cert details>
-----END CERTIFICATE-----

So I don't know what toolset the partner uses such that having the text helps them but I know how to give it to them next time!

Today's post revealing a bit of why "kid" is in the name

TomL LCSKid

Skip to main content