Saturday 18 July 2015

X.509 Certificate Encoding and Extensions


An X.509 certificate is a digital certificate that uses the international X.509 public key infrastructure (PKI) standard to verify a public key. X.509 certificates are defined using ASN.1.

Understanding different encodings:

 1. PEM:
  •   ASCII (Base64) encoded data
  •   File extension is .cer
 2. DER:
  •   Binary form of an ASCII PEM format certificate
  •   File extension can be .cer or .der
 3. P7B/PKCS#7:
  •   These files are Base64 encoded. They contain “-----BEGIN PKCS7-----” and “-----END PKCS7-----” statements.
  •   They have extensions .p7b, .p7c
 4. PFX/PKCS#12:
  •   These are binary format files storing the server certificate.
  •   They have extensions .pfx, .p12

 

Understanding different files/extensions:

  • .pem - Includes the private and public key in ASCII PEM format.
  • .p12 - An archive file format for storing many cryptography objects as a single file.
  • .key - Contains a private key. The .key extension is used for both public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.
  • .csr - Stands for certificate signing request. A certificate authority uses a CSR to create your SSL certificate.
  • .cer & .crt - These extensions are interchangeable; .cer is the Microsoft extension.
  • .config - Contains the configuration for creating a certificate.