Certificate Formats and Conversion Guide
Common Certificate Formats
- .PFX / .P12
  - Windows: Primarily used on Windows systems. A binary format that can include the certificate, private key, and intermediate certificates. Commonly used for importing and exporting certificates with private keys in Windows.
  - Linux: Rarely used, but some tools (like OpenSSL) can handle this format.
- .CER / .CRT
  - Windows: Typically holds the certificate (public key) without the private key. Often seen as .cer files in Windows, and can be in either binary DER format or Base64-encoded PEM format.
  - Linux: Commonly used as .crt files in Linux, often in Base64-encoded PEM format.
- .PEM
  - Linux: Widely used on Linux systems. This format is a Base64-encoded DER certificate, which can contain both the certificate and the private key (although they are usually stored separately). .pem is often used for Apache and other Linux-based servers.
  - Windows: Not typically used, but can be converted to .PFX or .CER.
- .KEY
  - Linux: Used for storing the private key in PEM format, typically associated with the .pem certificate file.
  - Windows: Not directly used, but can be part of a .PFX file.
Conversion Commands Using OpenSSL
Convert .PFX to .PEM (Linux)
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
This extracts the certificates and private key from a .PFX file into a single .PEM file. The -nodes option writes the private key unencrypted, so restrict access to the output file.
Convert .PEM to .PFX (Windows)
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem -certfile CAchain.pem
This combines the .PEM certificate, its private key, and the CA chain supplied with -certfile into a .PFX file.
Convert .PEM to .CER/.CRT
Convert .CER/.CRT to .PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
This converts a DER-encoded .CER certificate to a Base64-encoded .PEM certificate.
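The script below is an added example, not part of the original guide. It round-trips a throwaway self-signed certificate through the formats above and checks that the SHA-256 fingerprint survives every conversion. It goes slightly beyond the commands listed by also using -outform der for the PEM to DER direction and -nokeys to pull only the certificate out of the .PFX. The file names, the CN demo.invalid and the password example-pass are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example; file names, CN and password are constructed for this demo.

# Classify a certificate file by content, not extension: PEM, DER or UNKNOWN.
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then echo PEM
    elif openssl x509 -inform der -in "$1" -noout 2>/dev/null; then echo DER
    else echo UNKNOWN; fi
}

# SHA-256 fingerprint of certificate $1 stored in encoding $2 (pem or der).
fingerprint() {
    openssl x509 -inform "$2" -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Returns 0 only if every conversion preserves the certificate.
roundtrip_demo() {
    d=$(mktemp -d) || return 1
    ( cd "$d" && umask 077 &&   # umask keeps the key files owner-only
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
          -keyout privateKey.key -out certificate.pem 2>/dev/null &&
      # PEM -> DER (.cer) and back to PEM
      openssl x509 -outform der -in certificate.pem -out certificate.cer &&
      openssl x509 -inform der -in certificate.cer -out back.pem &&
      # PEM + key -> PFX, then PFX -> certificate only (no private key written)
      openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key \
          -in certificate.pem -passout pass:example-pass &&
      openssl pkcs12 -in certificate.pfx -nokeys -out from_pfx.pem \
          -passin pass:example-pass &&
      a=$(fingerprint certificate.pem pem) && [ -n "$a" ] &&
      [ "$a" = "$(fingerprint certificate.cer der)" ] &&
      [ "$a" = "$(fingerprint back.pem pem)" ] &&
      [ "$a" = "$(fingerprint from_pfx.pem pem)" ] &&
      [ "$(cert_format certificate.cer)" = DER ] &&
      [ "$(cert_format certificate.pem)" = PEM ] )
    rc=$?
    rm -rf "$d"   # remove the throwaway key and certificates
    return $rc
}

roundtrip_demo && echo "round trip OK: fingerprints match"
```

cert_format is useful on its own because a .cer file can be either DER or PEM, so the extension does not tell you which -inform value to use.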
Summary
- Windows: Commonly uses .PFX/.P12 for certificates with private keys, .CER for public keys.
- Linux: Commonly uses .PEM for certificates and .KEY for private keys, with .CRT as another format for certificates.