Certificate File Formats – CompTIA Security+ SY0-501 – 6.4

Certificates can be delivered and transferred between systems in a variety of different formats. In this video, you’ll learn about some of the most common certificate file formats.

<< Previous Video: Types of Certificates Next: Security+ SY0-501 Course Index >>

In our previous videos, we saw that an X.509 certificate has a very standard format. The structure of how that certificate is provided to you however, can take many different forms. Although there are many different kinds of certificate file formats, you can usually convert between one format and another. And some applications like open SSL are able to read and display the certificate in many different file formats.

One of these file formats is the distinguished encoding rules format or DER format. This is a format specifically designed for X.509 certificates. It’s a binary format, which means if you were to look at the file, it wouldn’t be something that would be human readable. But it is a common format used across many different platforms and we often see it associated with Java certificates.

One of the most common certificate file formats is a PEM format or privacy enhanced mail format. This is a common format that you’ll receive from a certificate authority and it’s one that is supported across many different applications on many different operating systems. This is an ASCII format. You can read it. If you are to look at the file, you would see that everything is letters and numbers, which makes this very easy to transfer to another system or to email.

The PKS number 12 file format stands for public key cryptography standards, number 12. This is a personal information exchange syntax standard that was created by RSA and is now part of an RFC standard. You would use a P12 container format to store many different kinds of certificates.

It’s commonly used to put together a public key and a private key, and send those keys to someone else. Because this container sometimes holding a private key. It also allows to have a password protection associated with the P12 file.

If you’re in a Windows environment, you may see a similar format called a PFX format. The two standards are very similar and they’re often referenced interchangeably with each other. In Windows, you’ll often see a CER file. This is a certificate file. This is usually holding an X.509 standard certificate, and it’s usually formatted with a file format of a DER format or the ASCII PEM format.

A CER file is usually just the public key side of the certificate. If you need to transfer a private key in Windows, you’re usually encapsulating that within a pfx file format. This is a common format you’ll find on a Windows device. You’ll find all the file extensions are labeled with a .CER extension.

Another common file format is the PKCS number seven. This is the public key cryptography standards number seven format. It is associated with a p7b file. And this is an ASCII readable, human readable formatted file that usually contains a public key and any chain certificates that you may need to add to a web server. Private keys are not usually added to a p7b file. You’ll see these p7b file formats used in Microsoft Windows, Java Tomcat, and many other environments.