Sample Certificate (PEM encoded certificate body)
Certificate Information
Certificate Type: CRT In PEM Format
Common Name: Corstex
Subject Alternative Names (SANs): Rostrevor SA 5000
Organization: Albert Marashi
Locality: AU
State: SA
Country: AU
Valid From: Nov 06, 2019, 12:0 a.m
Valid To: Jan 05, 2020, 12:0 a.m (Expired)
Issuer: getaCert - www.getacert.com
Serial Number: 2a0f
Algorithm: de5af57dcfaf9061e6cde68c21cf64fd46f7d0b6
Key size: 2048 (Strong)
What is a Digital Certificate?
Digital Certificate
- It is a document that establishes the identity and trustworthiness of the holder.
- The holder can be an individual, an organization, a website or any system / device.
- It is generally issued by a third-party agency, such as a trusted Certificate Authority (CA).
- It contains the identity information and the public key.
- Digital certificates use either Base64 encoding or binary encoding.
Digital Certificate Information
- Organization Name
- State Name
- Country Name
- Validity Dates
- Issuer
- Serial Number
- Key Size
Types of Digital Certificate
- X.509 - Follows the X.509 Public Key Infrastructure (PKI) standard.
- PGP or Pretty Good Privacy - It is a decentralized Web of Trust model. A certificate can be signed by anyone, not specifically by an approved agency.
- S/MIME (Secure Multipurpose Internet Mail Extension) - It is specifically used for the secure exchange of email, establishing identity and integrity. It uses the X.509 standard.
- SSL Certificate - It is a type of X.509 certificate used for HTTPS / secure transmission for websites. It is one example of the X.509 certificate format.
X.509 Encoding Formats
PEM
- PEM stands for Privacy Enhanced Mail
- PEM files can be used to create a self-signed certificate. This is a type of certificate that is signed by the certificate owner, not by a trusted certificate authority. Self-signed certificates are often used for testing and development purposes.
- It is the most common format for storing X.509 certificates
- It uses Base64 encoding
- A PEM certificate starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----
- Other than certificates, it can also be used to store Certificate Signing Requests (CSRs), certificate chains and keys
- The extension is typically .pem; .crt, .crt-bundle and .key files are also PEM formats
DER
- DER stands for Distinguished Encoding Rules
- DER files can be used to create a certificate signing request (CSR). A CSR is a request to a certificate authority to sign a digital certificate. CSRs are typically created using a tool like OpenSSL.
- It is an X.509 certificate with binary encoding
- Mostly used in Java web servers and Windows servers
- Extensions are .der, .cer
PKCS#7
- It stands for Public-Key Cryptography Standards #7 (also known as P7B)
- PKCS#7 files can be used to store a certificate chain. This is useful for situations where you need to verify the identity of a website or other entity that uses multiple certificates.
- It can be used for storing X.509 certificates using Base64 encoding
- Typically used for storing certificate chains / bundling PEM or DER encoded certificates without the keys
- A PKCS7 certificate starts with -----BEGIN PKCS7----- and ends with -----END PKCS7-----
- Extensions are typically .p7b, .p7c
PFX / PKCS#12
- PKCS#12 stands for Public-Key Cryptography Standards #12
- PKCS#12 files can be used to backup and restore digital certificates and private keys. This is useful for situations where you need to move your certificates and keys to a new device or server.
- PFX stands for Personal Information Exchange and is from Microsoft
- PKCS#12 is the successor to PFX.
- It is the format used to bundle a private key and PEM (X.509) content into a single encrypted file
- It uses binary encoding for the same.
- Extensions are .pfx, .p12
All about Certificate Decoders
- Cert decoder is a tool that can be used to decode a digital certificate and display the contents in a human-readable format. Digital certificates are typically encoded in PEM or DER format, which makes them difficult to read without a decoder.
- CSR decoder is a tool that can be used to decode a certificate signing request (CSR) and display the contents in a human-readable format. CSRs are typically encoded in PEM or DER format, which makes them difficult to read without a decoder.
- CSR decoders can be used to verify the contents of a CSR before submitting it to a certificate authority. They can also be used to troubleshoot CSR-related problems.
- SSL decoder is a tool that can be used to decode an SSL certificate and display the contents in a human-readable format. SSL certificates are typically encoded in PEM or DER format, which makes them difficult to read without a decoder.
- SSL decoders can be used to verify the contents of an SSL certificate before using it to secure a website or other online service.
- PEM decoder is a tool that can be used to decode a PEM (Privacy Enhanced Mail) file and display the contents in a human-readable format.
- PEM files are Base64 encoded, which means that they are made up of only ASCII characters. This makes them easy to read and edit with a text editor. PEM files typically have a .pem or .crt extension.
- X.509 decoder is a tool that can be used to decode an X.509 certificate and display the contents in a human-readable format. X.509 certificates are the most common type of digital certificate, and they are used to secure a wide variety of online applications, including websites, email, and file transfers.
- X.509 certificates are encoded in ASN.1 (Abstract Syntax Notation One), which is a binary format that is difficult to read without a decoder. X.509 decoders can be used to parse ASN.1 data and display the contents of the certificate in a human-readable format, such as JSON, XML, or plain text.
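The decoding chain described above (PEM armor, then Base64, then binary DER, then ASN.1 fields), as an added example that is not part of the original page or any decoder tool's code. The function names are hypothetical, and the sample is a constructed fragment holding only the version and serial fields, with the serial set to the 2a0f shown in the sample certificate above.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, DER bytes) for every PEM block in text (cert, CSR, PKCS7...)."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_RE.findall(text)]

def read_tlv(buf, off):
    """Decode one DER tag-length-value; return (tag, value_start, value_end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER: no room for tag and length")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                     # short form: the byte is the length
        length = first
    else:                                # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length rejected")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER: length runs past end of input")
    return tag, off, off + length

def cert_serial(der):
    """Walk Certificate -> tbsCertificate -> optional [0] version -> serialNumber."""
    tag, start, _ = read_tlv(der, 0)               # outer Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = read_tlv(der, start)           # tbsCertificate SEQUENCE
    tag, start, end = read_tlv(der, start)
    if tag == 0xA0:                                # explicit [0] version: skip it
        tag, start, end = read_tlv(der, end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return der[start:end].hex()

def tlv(tag, body):
    """Sample-building helper: encode one short-form DER element."""
    return bytes([tag, len(body)]) + body

# Constructed sample (assumption): the leading fields of a certificate only,
# not a complete or signed certificate.
_tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes.fromhex("2a0f")))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(tlv(0x30, _tbs)).decode()
              + "-----END CERTIFICATE-----\n")
```

Classifying input by its PEM label and leading DER byte, rather than by file extension, is what lets a decoder handle a .crt or .cer file that could be either encoding.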