Certificate formats


While working with certificates, we see a lot of certificate formats such as .csr, .pem, .cer, etc.
Each of these formats has a different use and purpose. In this blog post, we will try to understand what each format is and what it is meant for.


The following are a few certificate formats:



pem format:
extension : .pem
full form : Privacy Enhanced Mail (a.k.a. Privacy-Enhanced Electronic Mail)

define: A .pem file contains an X.509 certificate in Base64 format. A single PEM file can contain a number of certificates and a key.
It contains the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements.

RFC: RFC 1421 - RFC 142

Example:
-----BEGIN CERTIFICATE-----
BQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy
MTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp
emVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X
DTk4MDUxODAwMDAwMFoXDTE4MDUxODIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw
FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg
UHJpbWFyeBALAKISHORESBDGADDAMZXJ0aWZpY2F0aW9uIEF1dGhvc
ml0eSAtIEcyMTowOAYDVQQLEzEosdfsrwerwerDerewrdwmfsinshafafdunerer
YykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5
MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4
pO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0
13fQpR6g8QhdYLXh7IFACJ0ubJwvt8y9UJnNI8CWpifefyaqKYbfKDD3W
hHcGFOgV
-----END CERTIFICATE-----  



der format:

extension : .der

full form : Distinguished Encoding Rules

define: It is the binary form of the ASCII PEM format certificate. A file with the .der extension should be called a DER encoded certificate. DER is a set of ASN.1 encoding rules for formatting data in binary; the same rules are used for certificates.


RFC:  

Example: this file is in binary format and cannot be viewed as plain text.
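
The relationship between the PEM and DER sections above, as an added example (not code from the original post): Python that wraps DER bytes in PEM armor, splits a PEM file holding several objects back into DER, and reports any private key blocks so they are noticed before the file is shared. The DER values are constructed placeholders, not real certificates or keys, and the function names are hypothetical.

```python
import base64
import re
import textwrap

# Matches one PEM block: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

def der_to_pem(der: bytes, label: str) -> str:
    """Wrap binary DER in PEM armor: base64, 64 columns, BEGIN/END lines."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def pem_blocks(text: str) -> list:
    """Return (label, DER bytes) for every PEM block found in text."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        # validate=True rejects bodies containing non-base64 characters.
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks

def private_key_labels(text: str) -> list:
    """Labels of blocks that carry private key material."""
    return [label for label, _ in pem_blocks(text) if label.endswith("PRIVATE KEY")]

# Constructed placeholder DER values (each a tiny ASN.1 SEQUENCE), not real
# certificates or keys: 0x30 = SEQUENCE tag, then length, then content.
SAMPLE_CERT_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_KEY_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x02])
SAMPLE_BUNDLE = (
    der_to_pem(SAMPLE_CERT_DER, "CERTIFICATE")
    + der_to_pem(SAMPLE_KEY_DER, "PRIVATE KEY")
)

if __name__ == "__main__":
    for label, der in pem_blocks(SAMPLE_BUNDLE):
        print(f"{label}: {len(der)} DER bytes, first byte 0x{der[0]:02x}")
    print("private key blocks:", private_key_labels(SAMPLE_BUNDLE))
```

The bytes returned for each block are what a .der file of the same object would contain; the PEM file only adds the Base64 encoding and the BEGIN/END lines.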


csr format:

extension : .csr

full form: Certificate signing request.

define: Whenever a server wants to enable SSL, it generates a CSR to obtain a digital certificate.

A Certificate Signing Request (CSR) is a PKCS#10 request, which is an unsigned copy of your certificate. The certificate authority uses the CSR to generate your signed digital X.509 v3 SSL certificate.

The CSR is sent to the CA (certificate authority) for signing.

It contains the public key of the requesting system, the Distinguished Name (DN), business name / organisation, department name / organisational unit, country and email.

A .csr request does not contain the private key.

RFC : RFC 2986


pfx format (PFX/PKCS#12):

extension : .pfx , .p12

full form : Personal Information Exchange (PFX) Certificate


define: A .pfx file is used to store and transfer certificates. It can contain all types of keys. These are binary format files.
The PKCS #12 binary certificate package is a password-encrypted package that can contain nearly any type of data. This PKCS #12 package is similar to a PKCS #7 certificate chain with a private key included.



P7B and PKCS7:

extension : .p7b, .p7c

define: It is a Base64 encoded ASCII file. It can contain only certificates and chain certificates, but not the private key.

example :

-----BEGIN PKCS7-----
SDFSDFSDFxx
sdfsdfsdfsdfsdsd
-----END PKCS7-----

The PEM PKCS#7 format uses the header and footer lines:
 -----BEGIN PKCS7-----
 -----END PKCS7-----
For compatibility with some CAs it will also accept:
 -----BEGIN CERTIFICATE-----
 -----END CERTIFICATE-----
