We have a Microsoft PKI configuration in our organization. According to just about every certificate I've ever seen, new certificates issued by our issuing certification authorities will place the serial number and the thumbprint in HEX format, with each byte separated by a space. Recently, we had an upgrade of HSM. No real changes have been made to our CAs other than their configuration with the HSM. Now, all new certificates are issued with serial numbers and fingerprints, always in HEX (I see letters), but more space.
Could it be something that HSM is doing (Thales device)?
Is there a place in a Microsoft public key infrastructure to change the formatting of these numbers?
Should I even worry about it?
I know how an application uses a serial number / certificate fingerprint specific to this application. Some require that you remove the spaces and others not. But some applications read it directly from the certificate store and I wonder if the atypical format would bother them. Are there issues related to issuing certificates in this format?
For the moment, we had no problems reported. The AuthN smart card and our SCCM workstation certificates seem to work well with the new certificates.
I assume that the serial number and the thumbprint are stored in a fixed number of bytes in the file and that, therefore, this formatting is purely the result of the display I am using. At first, I thought the Windows Certificate Viewer and Windows 10 1809 might be a novelty, but older certificates are always displayed with spaces; so it does not seem like the viewer has changed and I have to assume that it's something with the certificate file format.