There are many file formats used to identify certificates. Here are some of them:
- Encodings (also used as extensions)
Privacy Enhanced Email (.pem) is a container format (Base64 Encoded x.509). The .pem
extension is used for different types of X.509v3 files, which contain ASCII (Base64)
armored data prefixed with a “-----BEGIN …” line.
Examples are CA certificate files or an entire certificate chain that includes a
public key, a private key, and root certificates.
PKCS12 .P12
Public-Key Cryptography Standards (.pkcs12) is a file format that has both public
and private keys in the file. Private keys are password protected. These files are
also known as *.PFX format on Windows. Unlike PEM files, this container is fully encrypted.
- Common Extensions
CRT
The CRT extension is used for certificates. The certificates can be encoded as binary
DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous.
Note: The only time CRT and CER can safely be interchanged is when the encoding type
is identical. For example, PEM-encoded CRT is the same as PEM-encoded CER.
CER
A CER file is recognized by Windows Explorer as a certificate. It is an alternate
form of CRT (Microsoft Convention). You can use MS to convert CRT to CER. You can
encode both to DER-encoded CER or to base64[PEM]-encoded CER.
Note: If you export a certificate using the Windows export wizard, the CER-formatted
file is Base64 Encoded x.509 and is equivalent to PEM.
CSR
This is a Certificate Signing Request. Some applications can generate these for submission
to certificate authorities. It includes some of the key details of the requested certificate,
such as subject, organization, and state, as well as the public key of the certificate
that will be signed. These are signed by the CA and a certificate
is returned. The returned certificate is the public certificate. Note that this public
certificate can be in a couple of formats.
KEY
The KEY extension is used both for public and private PKCS#8 keys. The keys can be
encoded as binary DER or as ASCII PEM.
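
Because CRT, CER and KEY files can each hold either DER or PEM, and a PEM bundle can carry a private key, the bytes are a better guide than the extension. The following is an added example, not part of the original page: the function names (is_der_sequence, classify, pem_to_der) are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import re

# PEM armor: -----BEGIN <label>----- base64 -----END <label>-----
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) of consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                     # short form: one length byte
        header, length = 2, data[1]
    else:                                  # long form: next n bytes are the length
        n = data[1] & 0x7F
        if not 1 <= n <= 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify(data: bytes) -> dict:
    """Identify the real encoding of a file's bytes, whatever its extension says."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        # A key block is plaintext unless it is PKCS#8 "ENCRYPTED PRIVATE KEY"
        # or carries the legacy "Proc-Type: 4,ENCRYPTED" header.
        plaintext_key = any(
            label.endswith(b"PRIVATE KEY")
            and not label.startswith(b"ENCRYPTED")
            and b"Proc-Type: 4,ENCRYPTED" not in body
            for label, body in blocks)
        return {"encoding": "PEM",
                "labels": [label.decode() for label, _ in blocks],
                "plaintext_private_key": plaintext_key}
    if is_der_sequence(data):
        return {"encoding": "DER", "labels": [], "plaintext_private_key": None}
    return {"encoding": "unknown", "labels": [], "plaintext_private_key": None}

def pem_to_der(data: bytes) -> list:
    """Decode each unencrypted PEM block back to the DER bytes it armors."""
    return [base64.b64decode(body) for _, body in PEM_BLOCK.findall(data)
            if b"Proc-Type" not in body]

# Constructed sample data: a toy DER SEQUENCE { INTEGER 5 }, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
SAMPLE_BUNDLE = (SAMPLE_PEM + b"-----BEGIN PRIVATE KEY-----\n"
                 + base64.encodebytes(SAMPLE_DER) + b"-----END PRIVATE KEY-----\n")
```

Calling classify on the raw bytes of a .crt, .cer or .pem file shows whether two files share an encoding before one is swapped for the other, and flags a bundle that contains an unprotected private key.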