X.509 File Extensions
Encodings (also used as extensions):
- .PEM - the extension is used to denote that the certificate is encoded in ASCII (Base64 notation). There are various types of X.509v3 files and they are (usually) prefixed with a “-----BEGIN CERTIFICATE-----” line and suffixed with a “-----END CERTIFICATE-----” line:

  -----BEGIN CERTIFICATE-----
  … base 64 encoding of the DER encoded certificate with line endings and padding with equals signs …
  -----END CERTIFICATE-----

- .DER - the extension is used to denote that the certificate is encoded in binary. These files may also bear the CER or CRT extension. Proper English usage would be “I have a DER encoded certificate”, not “I have a DER certificate”.
Extensions:
- .CRT - extension used for certificates. May be encoded in binary or ASCII (*NIX convention)
- .CER - similar to .CRT (Microsoft convention)
- .KEY - extension used for both public and private PKCS#8 keys. May be encoded in binary or ASCII

The only time CRT and CER can be interchanged is when the encoding type is identical (i.e. ASCII encoded CRT = ASCII encoded CER).
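
An added example (not from the original page): because a .CRT, .CER or .KEY file may be either binary or ASCII, this Python code classifies a file by its content rather than its extension and performs the PEM ↔ DER transform by hand. The file names and sample bytes are constructed for illustration; the sample is a minimal ASN.1 SEQUENCE, not a real certificate.

```python
import base64
import re

# One PEM block: BEGIN line, Base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one ASN.1 SEQUENCE (tag 0x30) of consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short form: one length byte
        return len(data) == 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def detect_encoding(data: bytes) -> str:
    """Classify content as 'PEM', 'DER' or 'unknown', ignoring the file extension."""
    if PEM_BLOCK.search(data):
        return "PEM"
    return "DER" if is_der_sequence(data) else "unknown"

def pem_to_der(data: bytes) -> list:
    """Return (label, DER bytes) per PEM block; a combined file yields several."""
    out = []
    for m in PEM_BLOCK.finditer(data):
        body = b"".join(m.group(2).split())          # drop line endings
        out.append((m.group(1).decode("ascii"), base64.b64decode(body, validate=True)))
    return out

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Wrap DER bytes in PEM armor using 64-character Base64 lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    tag = label.encode("ascii")
    return (b"-----BEGIN " + tag + b"-----\n" + b"\n".join(lines)
            + b"\n-----END " + tag + b"-----\n")

# Constructed sample: a minimal ASN.1 SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = der_to_pem(SAMPLE_DER)

if __name__ == "__main__":
    # Hypothetical file names: the content decides the encoding, not the extension.
    for name, content in [("server.crt", SAMPLE_PEM), ("server.cer", SAMPLE_DER)]:
        print(name, detect_encoding(content))
```

The length check in `is_der_sequence` keeps a plain text file that happens to start with the character `0` (byte 0x30) from being mistaken for DER.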
OpenSSL Certificate Manipulations
for other basic openssl commands
| Manipulation | PEM Encoded Cert | DER Encoded Cert |
|---|---|---|
| VIEW | | |
| TRANSFORM | PEM → DER | DER → PEM |
| COMBINATION | | |
| EXTRACTION | Some certs will come in a combined form, where one file can contain any one of: Certificate, Private Key, Public Key, Signed Certificate, Certificate Authority (CA), and/or Authority Chain | |