Understanding Certificate Extentions: ------------------------- * CA: Stands for Certificate Authority, which is an entity that issues certificates. * PEM: This is a container format (meaning it can contain certificates, keys, etc). It is readable to some degree using text editors. * PFX: This is also a container format. It is different from the PEM format in that this container is encrypted. PFX extention is the same as P12, for pkcs12... which stands for Public-Key Cryptography Standards version 12. * DER: Same as PEM but in binary format instead of Base64. * CSR: stands for Certificate Signing Request, and is normally used to generate Certificates by CAs. (For more details on this, check the references at the bottom) * CRT, KEY, CERT: These extentions are usually just a PEM, or very very rarely a DER. X.509 CERTIFICATE FILENAME EXTENSIONS : --------------------------------------- Technically, all ssl certificates are regarded as types of x.509 certificates. these digital certificates have different filename extensions and formats. here's a brief overview of several common filename extensions: ------------------------------------------------------------- .PEM -- this is a (privacy-enhanced electronic mail) base64 encoded der certificate, enclosed between: "---BEGIN CERTIFICATE---" AND "---END CERTIFICATE---" .CER, .CRT, AND .DER -- although usually in binary der form, base64-encoded certificates are common (see .pem above). .P7B AND .P7C - PKCS#7 signed data structure without data, just certificate(s) or crl(s). .P12 - PKCS#12 files may contain certificate(s) (public) and private keys (password protected). .PFX - PFX is the predecessor of pkcs#12. this type of file usually contains data in pkcs#12 format (e.g., with pfx files generated in iis).