SSL Certificate File Types

Certificates can be stored in a variety of file formats, which can be a pain: the format your certificates arrive in may not be the format your target system accepts.

In general, there are three kinds of file formats: PEM, PKCS, and DER.

PEM Format

Properties

PEM files are generally associated with the UNIX world, and have the following properties:

  • Usually stored with file extensions like .pem, .key, .crt
  • ASCII files (not binary)
  • Contain textual "BEGIN" and "END" statements
  • Can describe private keys, single certificates, and/or certificate chains
  • Default format for OpenSSL

Compatibility

  • Apache consumes PEM files for SSL encryption

Translation

PFX (PKCS #12) Format

Properties

  • Most common on Microsoft filesystems
  • Usually have file extensions like .pfx or .p12
  • Binary format

Compatibility

  • One of the few ways to import a private key into a Microsoft Windows Certificate Store

Translation

DER Format

Properties

  • Commonly used with Java Keystores
  • Default format for most browsers

Compatibility

  • Import into a Java Keystore for use with Tomcat

Translation
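
A PEM block is the base64 encoding of the same bytes a DER file holds, wrapped in the "BEGIN"/"END" lines, so translating between the two needs nothing beyond the standard library. The sketch below is an added example, not part of the original page: it converts in both directions and heuristically sniffs which of the three formats a file is in. The function names and sample bytes are constructed for illustration, and the sniffing only recognises certificates and PKCS #12 containers, not bare DER keys.

```python
import base64
import re

# PEM armor: "-----BEGIN <label>-----", base64 body, "-----END <label>-----"
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def pem_to_der(data: bytes) -> list[tuple[str, bytes]]:
    """Return (label, DER bytes) for every PEM block; a chain yields several."""
    return [(m.group(1).decode(), base64.b64decode(m.group(2)))
            for m in PEM_BLOCK.finditer(data)]

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (b"-----BEGIN " + label.encode() + b"-----\n" + b"\n".join(lines)
            + b"\n-----END " + label.encode() + b"-----\n")

def _first_inner_bytes(der: bytes) -> bytes:
    """Skip the outer SEQUENCE tag and length; return the bytes that follow."""
    if len(der) < 2 or der[0] != 0x30:
        return b""
    # Short form: one length byte. Long form: 0x80 | number of length bytes.
    skip = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    return der[skip:]

def sniff(data: bytes) -> str:
    """Heuristic classification into the page's three formats."""
    if PEM_BLOCK.search(data):
        return "PEM"
    inner = _first_inner_bytes(data)
    if inner[:3] == b"\x02\x01\x03":   # PFX starts with INTEGER version 3
        return "PKCS#12"
    if inner[:1] == b"\x30":           # certificate starts with a nested SEQUENCE
        return "DER"
    return "unknown"

# Constructed sample bytes: only the leading ASN.1 structure is realistic;
# these are not parseable certificates or key stores.
SAMPLE_DER = b"\x30\x0a\x30\x03\x02\x01\x02\x30\x03\x02\x01\x01"
SAMPLE_PFX = b"\x30\x08\x02\x01\x03\x30\x03\x02\x01\x00"

if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER)
    print(sniff(pem), sniff(SAMPLE_DER), sniff(SAMPLE_PFX))
    print(pem_to_der(pem)[0] == ("CERTIFICATE", SAMPLE_DER))
```

Sniffing by content matters because extensions such as .crt and .cer are used for both PEM and DER files. PKCS #12 containers are password-protected, so converting them requires a real PKCS #12 parser rather than a re-encoding step like this one.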