certificates:certificate_types
This is an old revision of the document!
Certificates - Certificate Types
Common filename extensions for X.509 certificates are:
| Filename Extension | Description |
|---|---|
| .pem | Privacy-enhanced Electronic Mail. Base64 encoded DER certificate, enclosed between “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“ |
| .cer, .crt, .der | Usually in binary DER form, but Base64-encoded certificates are common too (see .pem above) |
| .p7b, .p7c | PKCS#7 SignedData structure without data, just certificate(s) or CRL(s) |
| .p12 | PKCS#12, may contain certificate(s) (public) and private keys (password protected) |
| .pfx | PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS) |
- PKCS#7 is a standard for signing or encrypting (officially called “enveloping”) data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C file is a degenerated SignedData structure, without any data to sign.[citation needed]
- PKCS#12 evolved from the personal information exchange (PFX) standard and is used to exchange public and private objects in a single file.
certificates/certificate_types.1481035683.txt.gz · Last modified: 2020/07/15 09:30 (external edit)