What is a digital certificate and a certificate in different formats

Certificate thematic catalog

• 1. What is a digital certificate and certificates in different formats
• 2. How to view and obtain a certificate

What is a Certificate

What is a digital certificate and digital signature, you can refer to the following articles:

• Ruan Yifeng - What digital signature? Inside an English translation of the article, illustrations digital certificates and digital signatures
• Bolted turtle - The structure and X.509 digital certificate also includes content illustrated, additionally comprising an X.509 certificate format and data structure
• RFC5280 - Internet X.509 Public Key Infrastructure Certificate X.509 v3 and Certificate Revocation List (CRL) Profile certificate RFC documents, this is the most professional certificate documentation
• DER vs. CRT vs. CER vs. PEM Certificates English article about certificates in different formats

Our focus, different formats of certificates:

Certificate Encoding

• DEREncoded certificate, the suffix may have .ceror .crtcertificate content is binary
• PEMEncoded certificate, certificate content is text Base64-encoded, generally —– BEGIN …beginning

Common certificate

• .CRT Suffix certificate, two encoding formats are supported, generally contains a public key, generally more common in the Linux system
• .CERSuffix certificate, and .crtcertificate suffixes relatively similar, generally contains a public key
• .KEY It is often used to store private keys

Operating certificate

Use opensslthe command certificates, and conversion between different formats.

View PEM encoded certificate

openssl x509 -in cert.pem -text -noout
openssl x509 -in cert.cer -text -noout
openssl x509 -in cert.crt -text -noout

If you encounter an error similar to the following, indicating that the certificate is not encoded PEM, DER encoded certificate is

nable to load certificate
140736189195208:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: TRUSTED CERTIFICATE

View DER encoded certificate

openssl x509 -in certificate.der -inform der -text -noout

Certificate of conversion between different formats

Conversion from PEM to DER

openssl x509 -in cert.pem -outform der -out cert.der

从 DER to PEM

openssl x509 -in cert.crt -inform der -outform pem -out cert.pem

Reproduced in: https: //www.jianshu.com/p/87211efe8b7f