Widely accepted certificate formats:
PEM (Privacy Enhanced Mail)
Governed by RFCs, it's used preferentially by open-source software. Most common format used for certificates.
Private Key : YES, private key in separate file.
Format : Base64 encoded ASCII files
Extensions : .cer, .crt, .pem, .key
DER (The parent format of PEM.)
All types of certificates & private keys can be encoded in DER format. DER-formatted certificates, when opened in an editor, do not contain the BEGIN CERTIFICATE or END CERTIFICATE lines.
Private Key : YES
Format : Binary version of the Base64-encoded PEM format
Extensions : .cer, .der
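The PEM and DER entries above both list .cer, so the extension alone does not tell you the encoding. The following added example (not part of the original notes) identifies the encoding from the file content and converts between the two; the function names and the sample bytes are assumptions made for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def der_total_length(data: bytes) -> int:
    """Return header + content length declared by the outer DER header, or -1."""
    first = data[1]
    if first < 0x80:                      # short form: length fits in 7 bits
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:       # indefinite length (not DER) or truncated
        return -1
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def sniff(data: bytes) -> str:
    """Classify raw file bytes as 'PEM', 'DER' or 'unknown' by content."""
    if PEM_BLOCK.search(data):
        return "PEM"
    # DER certificates, keys and CSRs all start with an ASN.1 SEQUENCE tag (0x30).
    if len(data) >= 2 and data[0] == 0x30 and der_total_length(data) == len(data):
        return "DER"
    return "unknown"

def pem_to_der(data: bytes) -> list[tuple[str, bytes]]:
    """Decode every PEM block into (label, DER bytes); a bundle holds several."""
    return [(label.decode(), base64.b64decode(b"".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(data)]

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Wrap DER bytes in Base64 (64-character lines) between BEGIN/END markers."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n".encode()

# Constructed sample: a DER SEQUENCE with a valid outer header, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x81, 0x90]) + bytes(range(0x90))
SAMPLE_PEM = der_to_pem(SAMPLE_DER)

if __name__ == "__main__":
    print(sniff(SAMPLE_DER), sniff(SAMPLE_PEM))
    print(SAMPLE_PEM.decode())
```

A truncated DER file is reported as unknown because its declared length no longer matches the byte count.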
P7B/PKCS#7
An open standard used by Java and supported by Windows. Defined in RFC 2315 as PKCS number 7.
Private Key : NO
Format : Base64 ASCII format
Extensions : .p7b or .p7c
PFX/P12/PKCS#12
Can be freely converted to PEM format through use of openssl.
Private Key : YES, private key in separate file.
Format : Base64 ASCII format
Extensions : .pfx and .p12
CSR (Certificate Signing Request)
We can use OpenSSL or other tools to create the CSR. It is PKCS#10, which is defined in RFC 2986.
Contents - Country Name (C), State or Province (ST), Locality (L), Organization (O), Organizational Unit (OU), Common Name (CN)
CRL (Certificate Revocation List)
Revocation is defined in RFC 5280. States -
Revoked: A certificate is irreversibly revoked
Hold: This reversible status can be used to note the temporary invalidity of the certificate.
Certificate Authorities produce these as a way to de-authorize certificates before expiration.
CRLs are not related to the expiration of certificates.
Expiration dates are not a substitute for a CRL. A CRL is for mistakes that occurred during vetting and key management.