The different certificate formats and their use

The main digital certificate formats

Certificates are data structures based on the ASN1 standard. They can be encoded in various formats:

• PEM (Privacy-Enhanced Mail): This is an ASCII format based on specific headers and footers (BEGIN/END) encoding the certificate in Base64 format. It is commonly used for SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificates and public keys.
• DER (Distinguished Encoding Rules): This is a binary format that represents digital certificates in a compact way. DER certificates are often used in systems where file size efficiency is important, such as smart cards, or when making certificates available for download.
• PKCS#7 (Public Key Cryptography Standards #7): This format is used to simply transmit a set of data in a single envelope. It can contain a set of certificates, their associated certificate chains and lists of revoked certificates.
• PKCS#12 / PFX: These are password-protected key and certificate archive formats. They are commonly used to store a certificate and the associated private key in a single container.
• JKS (Java KeyStore): This format is specific to the Java platform and is used to store certificates, private keys and trusted authority certificates in a password-protected container. This format is gradually being abandoned in favour of PKCS#12.

Why is it necessary to change the format of your certificates?

The main reason for changing the format of a certificate (and/or its private key) is compatibility. Some platforms are unable to read a specific certificate format, so it will be necessary to convert it to a compatible format. You won’t always be able to choose the format in which you receive a certificate you’ve requested, so the question of how to change format arises.

Please note that changing the format of certificates does not change their content, so you can convert them as you wish.

How do you convert your certificate formats?

Converting certificates can be a time-consuming process when we don’t have the right tools or the right conversion procedure. In fact, the tools vary depending on the certificate format you wish to convert. What’s more, before you start converting, it’s important to make sure you have the necessary prerequisites, such as the certificate’s private key, the certificate from the certification authority and any associated passwords.

You have 2 options:

1. Online converters: easy-to-use tools that present a major risk to private key security.
2. Third-party tools like OpenSSL: full-featured tools that don’t expose your secrets, but require installation and advanced knowledge of the tool.

BerryCert simplifies the conversion of digital certificates, offering you a fast and secure way to convert any certificate in just a few clicks. Don’t complicate your life with complex conversion processes – BerryCert makes it easy!

What are the file extensions associated with certificates and what are they used for?

The file extension of a digital certificate defines the format in which the certificate is stored. The various file extensions for digital certificates include:

• .pem: file containing an x509v3 object in ASCII format encoded in base64 with BEGIN and END tags
• .der: file containing an x509v3 object in binary format
• .cer: file containing a certificate encoded in PEM or DER format (usual Windows extension)
• .crt: file containing a certificate encoded in PEM or DER format (usual extension under *nix systems)
• .p12, .pfx: file containing certificates and/or key pairs
• .p10, .csr, .req: file containing certification request (includes public key)
• .p7b: file containing certificates and certification chains (in PEM format)
• .key: file containing a single private key in PEM or DER format
• .jks: JAVA-format file containing certificates and/or key pairs

Looking for a command to convert the format of your certificates?

In this blog article you’ll find all the commands you need to convert the format of your certificates!