We have a Microsoft PKI configuration in our organization. According to almost all the certificates I have seen, the new certificates issued by our CAs issue the serial number and the fingerprint in a HEX format with each byte separated by a space. We recently had an HSM update, no real changes were made to our CAs in addition to configuring them with the HSM. Now all new certificates are issued with serial numbers and fingerprints, even in HEX (I see letters), but there are no spaces.
Could this be something the HSM is doing (is it a Thales device)?
Is there a place in a Microsoft PKI to change the format of these numbers?
Should I even care?
I know that an application uses a certificate. The serial number / fingerprint is specific to that application. Some require that you take out the spaces and others do not. But some applications read it directly in the certificate store and I wonder if the atypical format would ruin them. Are there known problems with issuing certificates in this format?
At the moment we have not had any reported problems. The AuthN smart card and our SCCM workstation certificates seem to be working well with the new certificates.
I suppose that the serial number and the fingerprint are stored in a fixed number of bytes in the file and, therefore, this format was simply the result of any viewer that is using. At first I thought that this could be something new with the Windows and Windows 10 1809 certificate viewer, but the oldest certificates are still shown with the spaces, so it does not seem to be the viewer that changed and I have to assume that it is something With the format of the certificate file.