1791

I am responsible for maintaining two Debian servers. Every time I have to do anything with security certificates, I Google for tutorials and beat away until it finally works.

However, in my searches I often come across different file formats (.key, .csr, .pem) but I've never been able to find a good explanation of what each file format's purpose is.

I was wondering if the good folks here at ServerFault could provide some clarification on this matter?

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
Noah Goodrich
  • 19,427
  • 6
  • 25
  • 16
  • 4
    https://stackoverflow.com/a/45886431/1599699 – Andrew Nov 20 '17 at 18:45
  • 1
    In this [gist](https://gist.github.com/tuansoibk/0b1f279be5c1b782d95f4e15af1442cb) I explain what a PEM file usually contains and how to converse the content b/w different formats. – maximus May 08 '22 at 10:15

3 Answers3

2183

SSL has been around for long enough you'd think that there would be agreed upon container formats. And you're right, there are. Too many standards as it happens. In the end, all of these are different ways to encode Abstract Syntax Notation 1 (ASN.1) formatted data — which happens to be the format x509 certificates are defined in — in machine-readable ways.

  • .csr - This is a Certificate Signing Request. Some applications can generate these for submission to certificate-authorities. The actual format is PKCS10 which is defined in RFC 2986. It includes some/all of the key details of the requested certificate such as subject, organization, state, whatnot, as well as the public key of the certificate to get signed. These get signed by the CA and a certificate is returned. The returned certificate is the public certificate (which includes the public key but not the private key), which itself can be in a couple of formats.
  • .pem - Defined in RFC 1422 (part of a series from 1421 through 1424) this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.
  • .key - This is a (usually) PEM formatted file containing just the private-key of a specific certificate and is merely a conventional name and not a standardized one. In Apache installs, this frequently resides in /etc/ssl/private. The rights on these files are very important, and some programs will refuse to load these certificates if they are set wrong.
  • .pkcs12 .pfx .p12 - Originally defined by RSA in the Public-Key Cryptography Standards (abbreviated PKCS), the "12" variant was originally enhanced by Microsoft, and later submitted as RFC 7292. This is a password-protected container format that contains both public and private certificate pairs. Unlike .pem files, this container is fully encrypted. Openssl can turn this into a .pem file with both public and private keys: openssl pkcs12 -in file-to-convert.p12 -out converted-file.pem -nodes

A few other formats that show up from time to time:

  • .der - A way to encode ASN.1 syntax in binary, a .pem file is just a Base64 encoded .der file. OpenSSL can convert these to .pem (openssl x509 -inform der -in to-convert.der -out converted.pem). Windows sees these as Certificate files. By default, Windows will export certificates as .DER formatted files with a different extension. Like...
  • .cert .cer .crt - A .pem (or rarely .der) formatted file with a different extension, one that is recognized by Windows Explorer as a certificate, which .pem is not.
  • .p7b .keystore - Defined in RFC 2315 as PKCS number 7, this is a format used by Windows for certificate interchange. Java understands these natively, and often uses .keystore as an extension instead. Unlike .pem style certificates, this format has a defined way to include certification-path certificates.
  • .crl - A certificate revocation list. Certificate Authorities produce these as a way to de-authorize certificates before expiration. You can sometimes download them from CA websites.

In summary, there are four different ways to present certificates and their components:

  • PEM - Governed by RFCs, used preferentially by open-source software because it is text-based and therefore less prone to translation/transmission errors. It can have a variety of extensions (.pem, .key, .cer, .cert, more)
  • PKCS7 - An open standard used by Java and supported by Windows. Does not contain private key material.
  • PKCS12 - A Microsoft private standard that was later defined in an RFC that provides enhanced security versus the plain-text PEM format. This can contain private key and certificate chain material. Its used preferentially by Windows systems, and can be freely converted to PEM format through use of openssl.
  • DER - The parent format of PEM. It's useful to think of it as a binary version of the base64-encoded PEM file. Not routinely used very much outside of Windows.

I hope this helps.

Community
  • 1
sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
  • 399
    The great thing about standards is that there are so many to choose from... – squillman May 19 '09 at 04:05
  • 48
    .crt is another common extension for .cert and .cer – David Pashley Jun 06 '09 at 08:08
  • 56
    PEM is a file format that may consist of a certificate (aka. public key), a private key or indeed both concatenated together. Don't pay so much attention to the file extension; it means Privacy Enhanced Mail, a use it didn't see much use for but the file format stuck around. – Dan Carley Jun 25 '09 at 16:29
  • 2
    PEM files can actually include up to (or maybe more than) 4 certificates - this can actually be required to for OpenSSL to verify the full chain of authority. See http://www.digicert.com/ssl-support/pem-ssl-creation.htm for further details. – Jay Taylor Nov 07 '12 at 19:33
  • 28
    Very useful answer, but I don't think you've covered the .pub format created by `ssh-keygen`. It would be useful to know how that ties in with the rest. – Jez Dec 28 '12 at 20:05
  • 1
    Is there any way to determine *which* keys are stored in a given .pem? – QED May 23 '13 at 22:06
  • 4
    @psoft `openssl x509 -text -in given.pem` – Daniel Serodio Jul 04 '13 at 17:42
  • 1
    @Jez good question, as I understand it the `.pub` is the certificate (aka public key) part. (Disclaimer: this may be wrong) – AJP Mar 15 '14 at 13:13
  • 32
    Can't help noticing "Privacy Enhanced Email" would give the acronym "PEE" as opposed to "PEM". The RFCs tend to use the phrase "Privacy Enhanced Mail" – aidan Jan 12 '15 at 05:20
  • 1
    This is a great description of the file formats. I was just issued a new code signing certificate from godaddy and instead of the `.pem` file I previously received now I've got a `.spc` file. Could you also mention this format or extension? – Rory Mar 11 '15 at 12:08
  • @sysadmin1138, What about `.usr` files? : http://sqa.stackexchange.com/q/15533/11978 – Pacerier Nov 06 '15 at 10:44
  • 3
    @AJP OpenSSH id_blah.pub files (plus known_hosts and authorized_keys) are public keys but not certificates, and use a completely different format from the OpenSSL PEM files in this Q&A: no header/trailer, no internal linebreaks, space-separated label(s) plus base64 of XDR not BER data structure. – dave_thompson_085 Jan 21 '16 at 08:02
  • I think this answer should contain references to https://tools.ietf.org/html/rfc5280.html. – Jan-Philip Gehrcke Jul 24 '16 at 19:53
  • 3
    seems like it would be useful to mention Java's JKS format and the related keytool command. That's a fifth, fairly common, way to encode certs and keys. – Dan Pritts Aug 15 '16 at 21:44
  • 2
    Quickly skimming RFCs 1421, 1422, 1423, 1424, I don't see anything about `-----BEGIN CERTIFICATE-----` format, only `-----BEGIN PRIVACY-ENHANCED MESSAGE-----` examples. Is .pem format for certs actually defined anywhere? Did I miss it? – Beni Cherniavsky-Paskin Jan 17 '17 at 14:15
  • 1
    @BeniCherniavsky-Paskin See James F's answer after mine. Technically, the governing standards here are ITU-T (formerly CCIT) x509. The .pem extension is merely a traditional way to mark these files. – sysadmin1138 Jan 18 '17 at 01:38
  • Great answer! But some of it seems conflicting, or at least confusing. You mention 4 standards: *PEM*, *PKCS7*, *PKCS12*, and *DER*. But under the file formats, you mention the ***PKCS10*** standard and the *PKCS12* standard, but **never the *PKCS7*** standard. – Mike Williamson Jan 26 '18 at 18:06
  • 3
    Obligatory XKCD: https://xkcd.com/927/ – code_dredd Nov 30 '18 at 08:30
  • The filename extension does not dictate the content. The file could be called `.foobar` and would work exactly the same way, just more difficult for an human to organize stuff but no problem for a computer as only the **content** matters, which can be stored in various encoding scheme. Due to the number of confusions seem I think it is very important to stress out that then filename, and its extension, does not matter at all. – Patrick Mevzek Sep 16 '19 at 14:41
  • What is the distinction, if any, between a file format and a container format? Right now, the answer uses the term 'container' without a clear introduction for newbies (like me). – Michael Easter Sep 17 '20 at 12:04
184

PEM on it's own isn't a certificate, it's just a way of encoding data. X.509 certificates are one type of data that is commonly encoded using PEM.

PEM is a X.509 certificate (whose structure is defined using ASN.1), encoded using the ASN.1 DER (distinguished encoding rules), then run through Base64 encoding and stuck between plain-text anchor lines (BEGIN CERTIFICATE and END CERTIFICATE).

You can represent the same data using the PKCS#7 or PKCS#12 representations, and the openssl command line utility can be used to do this.

The obvious benefits of PEM is that it's safe to paste into the body of an email message because it has anchor lines and is 7-bit clean.

RFC1422 has more details about the PEM standard as it related to keys and certificates.

Community
  • 1
James F
  • 6,689
  • 1
  • 26
  • 24
  • 1
    How do you do this "using openssl command line"? – Samik R Sep 18 '13 at 03:53
  • 10
    To convert a DER file (.crt .cer .der) to PEM: `openssl x509 -inform der -in cert.cer -out cert.pem`. To convert a PEM file to DER: `openssl x509 -outform der -in cert.pem -out certi.der`. To convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM: `openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes`. To convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12): `openssl pkcs12 -export -out cert.pfx -inkey privateKey.key -in cert.crt -certfile CACert.crt` From [here](https://www.sslshopper.com/article-most-common-openssl-commands.html) – mpeac Jun 05 '16 at 23:10
  • 2
    "PEM on it's own isn't a certificate..." and "PEM is a X.509 certificate..." are a bit controversal sentences. – leftjoin Jun 24 '21 at 20:40
  • It should be noted that PEM requires Base64 _with a line length of 64 characters_. Some tools may not care but at least openssl can't load single-line Base64 encoded DER files. – kapex Jul 29 '21 at 09:03
  • 4
    "PEM is a X.509 certificate..." is incorrect, PEM is just a container format. A PEM file can contain anything, such as an X509 certificate, a PKCS#1, PKCS#8 private key,... So it's really important to know exactly what your PEM file contains -> the text "BEGIN " in the PEM file should tell you what the PEM contains. I list out few common uses of PEM file in this gist: https://gist.github.com/tuansoibk/0b1f279be5c1b782d95f4e15af1442cb – maximus May 08 '22 at 10:13
71

Sometimes a .crt file is already a .pem. See: https://stackoverflow.com/questions/991758/openssl-pem-key

Community
  • 1
mgold
  • 811
  • 6
  • 3
  • 4
    Indeed true, I just noticed this today. I had to enter a PEM certificate in rackspace loadbalancer and I was wondering if the generated crt was in that format. But it worked like that, so that was my conclusion as well, most of these .crt's come in PEM format it seems. – Glenn Plas Jan 24 '14 at 10:41
  • 3
    @GlennPlas focus instead of the **content** of the file, not its name or extension. It could be called `.foobar` for all that matters... – Patrick Mevzek Sep 16 '19 at 14:42