Secure Sockets Layer (SSL) provides secure connections by allowing two applications communicating over a network connection to authenticate each other's identity and by encrypting the data exchanged between them. A server's identity is verified by three components: a Private Key, a Digital Certificate, and a Trusted Certificate Authority.
SSL uses public-key cryptography for authentication. The public key is embedded in a digital certificate together with information describing the key's owner, such as name, street address, and e-mail address. SSL certificates are based on the RSA and DSA public-key algorithms as specified in the PKCS standards. The file format in which a certificate is stored depends on the application, since there is no single agreed-upon file-format standard. Private keys are usually available in the PEM (Privacy Enhanced Mail) and DER (Distinguished Encoding Rules) formats, and certificates in the PEM, DER, and PKCS#12 formats. A certificate file is an ASN.1-encoded object that may be encrypted with DES or 3DES.
PEM (Privacy Enhanced Mail)
PEM (.pem) is a widely used format that can contain different types of data, including certificates, private keys, and even certificates together with their private keys. Its content is usually Base64-encoded. A PEM file can hold multiple digital certificates, and their order in the file matters: the server's certificate must come first, followed by the certificate of its issuer, and so on up to the root certificate authority's certificate.
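The ordering rule above (leaf first, then each issuer in turn) is easy to get wrong when bundles are assembled by hand, and a misordered chain is a frequent cause of clients rejecting an otherwise valid certificate. The following is an added example, not code from the original post: using only the Python standard library it parses a PEM bundle, walks just enough of the X.509 DER structure to read each certificate's issuer and subject Names, and reports every position where the next certificate is not the issuer of the current one. The sample certificates are constructed skeletons produced by the `fake_cert` helper (no keys, no real signatures), not real certificates.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([^-]+)-----\s*(.*?)\s*-----END \1-----", re.S)  # \1: labels must match

def parse_pem(text):
    """Return [(label, der_bytes), ...] for every Base64 block between BEGIN/END armour lines, in file order."""
    return [(m.group(1), base64.b64decode("".join(m.group(2).split())))
            for m in PEM_BLOCK.finditer(text)]

def read_tlv(data, pos=0):
    """Read one DER tag-length-value (single-byte tags only); return (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of following length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def issuer_and_subject(der):
    """Walk Certificate -> tbsCertificate and return the raw DER of the issuer and subject Names."""
    _, tbs, _ = read_tlv(read_tlv(der)[1])  # outer Certificate SEQUENCE, then tbsCertificate
    tag, _, pos = read_tlv(tbs)             # version [0] EXPLICIT (optional) or serialNumber
    pos = read_tlv(tbs, pos)[2] if tag == 0xA0 else pos  # version was present: skip serialNumber too
    _, issuer, pos = read_tlv(tbs, read_tlv(tbs, pos)[2])  # skip signature AlgorithmIdentifier, read issuer
    _, subject, _ = read_tlv(tbs, read_tlv(tbs, pos)[2])   # skip validity, read subject
    return issuer, subject

def chain_order_errors(pem_text):
    """Indices i where certificate i is not issued by certificate i+1, i.e. where the chain is misordered."""
    names = [issuer_and_subject(der) for label, der in parse_pem(pem_text) if label == "CERTIFICATE"]
    return [i for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]

# Constructed sample data (not real certificates): a tiny DER encoder and a skeleton Certificate, unsigned.
def tlv(tag, value):
    n, nb = len(value), (len(value).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")) + value
def fake_cert(subject, issuer):
    name = lambda s: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, s.encode()))))  # CN=s
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + tlv(0x05, b""))  # sha256WithRSAEncryption
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name(issuer)
              + tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z")) + name(subject))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))  # placeholder signature BIT STRING
def to_pem(der):
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64)) + "\n-----END CERTIFICATE-----\n"

LEAF, INTER, ROOT = (fake_cert("www.example.test", "Example Intermediate"),
                     fake_cert("Example Intermediate", "Example Root"), fake_cert("Example Root", "Example Root"))
GOOD_BUNDLE = to_pem(LEAF) + to_pem(INTER) + to_pem(ROOT)  # leaf first, then its issuer, then the root
BAD_BUNDLE = to_pem(INTER) + to_pem(LEAF) + to_pem(ROOT)   # intermediate and leaf swapped: a common misconfiguration
```

Running `chain_order_errors` on a real server bundle before reloading the web server catches the swapped-order case; an empty list means every certificate is followed by its issuer.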
DER (Distinguished Encoding Rules)
DER (.der, .cer) is a binary format used to encode certificates; it is more compact than PEM and does not use Base64 encoding. A DER file can contain only a single certificate.
PKCS#12/PFX
PKCS#12 (.p12, .pfx) is a format that can store a private key, public key, and the associated certificate in a single encrypted file. It is commonly used for securely transporting private keys.
PKCS#7 (Cryptographic Message Syntax Standard)
PKCS#7 (.p7b, .p7c) is a format used for storing certificates and certificate chains. It may also include additional information like certificate revocation lists (CRLs).
PEM with Chain (Concatenated PEM)
In this form of PEM (.pem), the certificate and its private key are concatenated into a single PEM file. It is common when configuring certain web servers.
CRT (Certificate)
CRT (.crt) files typically contain X.509 certificates. The content can be in either PEM or DER format.
Conclusion
These file formats are used in different contexts, and the choice of format depends on the requirements of the system or application. When configuring SSL/TLS for a web server or any other service, it's essential to use the correct format for the corresponding components, such as certificates and private keys.