Differences between the DER, CER, PFX, and PEM certificate formats

DER, CER, PFX, and PEM are file extensions (filename suffixes that indicate a format).

.DER : a binary, DER-encoded certificate;
.PEM : an ASCII (Base64) encoded certificate;
.CER : stores a public key, without the private key;
.PFX : stores both the public and the private key.

(Certificates with a .pem suffix are Base64 encoded; certificates with a .der suffix are in binary format; the .crt and .cer suffixes do not imply a particular encoding, so such a file may be PEM or may be DER. .pfx is mainly used on Windows platforms and can be used by browsers; it contains both the certificate and the private key, and a password is required before the private key can be obtained.)

X.509 file extensions (an X.509 certificate carries only the public key; it does not include the private key.)

Encodings (also used as extensions)

       DER  = The DER extension is used for binary DER-encoded certificates. These files may also carry the CER or CRT extension. Correct English usage is "I have DER-encoded certificates" instead of "I have DER certificates."

       PEM  = The PEM extension is used for different types of X.509v3 files that contain ASCII (Base64) armored data prefixed with a "-----BEGIN ..." line.

Combination

        In some cases it is advantageous to combine multiple pieces of X.509 infrastructure into a single file. A common example is combining the private and public keys into the same certificate.

The easiest way to combine keys and a certificate chain is to convert each key and certificate to PEM, then simply copy the contents of each file into a new file. This is suitable for combined files used in Apache applications.

Extraction

       Some certificates come in a combined form. One file can contain any of the following: certificate, private key, public key, signed certificate, certificate authority (CA), and/or authority chain.

PEM format

        The PEM format is the one commonly used by Certificate Authorities (CAs), with the extensions .pem, .crt, .cer, and .key. The content is a Base64-encoded ASCII file with "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" markers at the head and tail. Server authentication certificates, intermediate certificates, and private keys can all be stored in PEM format (a certificate is, in fact, a public-key certificate). Apache and similar servers use PEM-format certificates.

DER format

       The DER format differs from PEM in that it uses binary encoding rather than Base64 ASCII. The extension is .der, but .cer is also often used. All types of certificates and private keys can be stored in DER format. It is typically used on the Java platform.

Conversion method

        You can use the OpenSSL command-line tool to convert certificates between the different formats.

PEM to DER

   openssl x509 -outform der -in certificate.pem -out certificate.der

PEM to PFX

   openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

DER to PEM

   openssl x509 -inform der -in certificate.cer -out certificate.pem

PFX to PEM

   openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes     

      (After converting PFX to PEM, the certificate.cer file contains both the certificate and the private key; they need to be stored separately before they can be used.)
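Two points from the text above, shown as an added Python example that is not part of the original article: a .cer or .crt suffix does not tell you the encoding, and a PFX-to-PEM output must be split into certificate and private key. All function names are hypothetical and the sample bytes are constructed placeholders, not a real certificate or key.

```python
import base64
import re

# One PEM block: BEGIN line, body, matching END line. Text between blocks
# (such as the "Bag Attributes" lines openssl pkcs12 writes) is skipped.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def detect_encoding(data: bytes) -> str:
    """Classify by content; a .cer or .crt extension does not say which it is."""
    if b"-----BEGIN " in data:
        return "PEM"
    if data[:1] == b"\x30":  # DER objects start with an ASN.1 SEQUENCE tag
        return "DER"
    return "unknown"

def pem_to_der(body: str) -> bytes:
    """Base64-decode the body of one PEM block into its DER bytes."""
    return base64.b64decode("".join(body.split()))

def split_bundle(text: str) -> dict:
    """Separate certificates from private keys in a combined PEM file."""
    out = {"certificates": [], "private_keys": [], "unencrypted_keys": 0}
    for m in PEM_BLOCK.finditer(text):
        label, body, block = m.group(1), m.group(2), m.group(0) + "\n"
        if label == "CERTIFICATE":
            out["certificates"].append(block)
        elif label.endswith("PRIVATE KEY"):
            out["private_keys"].append(block)
            # With -nodes, openssl pkcs12 writes the key without a passphrase.
            encrypted = (label == "ENCRYPTED PRIVATE KEY"
                         or "Proc-Type: 4,ENCRYPTED" in body)
            if not encrypted:
                out["unencrypted_keys"] += 1
    return out

def to_pem(label: str, der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used here only to build the sample)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed sample: placeholder ASN.1 bytes, not a real certificate or key.
FAKE_CERT_DER = b"\x30\x0a\x02\x01\x01\x04\x05hello"
FAKE_KEY_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_BUNDLE = to_pem("PRIVATE KEY", FAKE_KEY_DER) + to_pem("CERTIFICATE", FAKE_CERT_DER)

if __name__ == "__main__":
    print(detect_encoding(FAKE_CERT_DER), split_bundle(SAMPLE_BUNDLE)["unencrypted_keys"])
```

A non-zero unencrypted_keys count means the key blocks should be written to a file with restrictive permissions, separate from the certificate.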

Knowledge points:

            1. Operating on data with the public key is encryption.

            2. Operating on the digest of the original text with the private key is signing.

            3. The public and private keys can encrypt and decrypt for each other.

            4. Certificates in different formats can be converted to one another.

            5. The public key can be made public, but the private key must not be leaked and should be kept safe.

Note: when backing up certificate information, it is best to save it as a .jks or .pfx file, so that the backup can be exported completely.
 


Origin blog.csdn.net/hqy1719239337/article/details/88896074