Difference between revisions of "Privacy-Enhanced Mail (.PEM)"
Jump to navigation
Jump to search
↑ https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
| (18 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | [[wikipedia: | + | [[wikipedia:Privacy-Enhanced Mail]] extension for [[X.509]] certificates. <code>.pem</code> defined in [[RFCs]] 1421 through 1424, this is a container format that may include just the [[public certificate]] (such as with Apache installs, and CA certificate files <code>[[/etc/ssl/certs/]]</code>), or may include an entire certificate chain including [[public key]], [[private key]] and [[root certificates]]. Confusingly, it may also encode a [[CSR]] (e.g. as used here) as the [[PKCS10]] format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.<ref>https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file </ref> |
| − | + | PEM or [[DER]] or [[PFX]] | |
| − | |||
| + | * <code>[[ssh-keygen -m PEM]] -t [[rsa]] -f your_new_rsa_key.pem</code> | ||
| − | * | + | * [[Convert from .cer to .pem]] |
Read [[certificate]]: | Read [[certificate]]: | ||
| − | * <code>[[openssl x509]] | + | * <code>[[openssl x509 -in]] certificate.pem -text</code> |
* <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code> | * <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code> | ||
* <code>[[keytool]] -printcert -file certificate.pem</code> | * <code>[[keytool]] -printcert -file certificate.pem</code> | ||
| Line 25: | Line 25: | ||
[[file]] your_pem_file.pem | [[file]] your_pem_file.pem | ||
your_pem_file.pem [[PEM]] RSA private key | your_pem_file.pem [[PEM]] RSA private key | ||
| + | |||
| + | file example.org[[.csr]] | ||
| + | example.org.csr: PEM [[certificate request]] | ||
| + | |||
| + | file your_cert_for_development.cer | ||
| + | your_cert_for_development.cer: Certificate, Version=3 | ||
== Related terms == | == Related terms == | ||
| + | * <code>[[.cer]]</code> | ||
| + | * <code>[[.crt]]</code> | ||
* [[X.509]] | * [[X.509]] | ||
| − | * <code>[[ssh-keygen]]</code> and <code>[[openssl req]]</code> | + | * <code>[[ssh-keygen -m]]</code> and <code>[[openssl req]]</code> |
* <code>[[.crt]]</code> ([[Core FTP]]) | * <code>[[.crt]]</code> ([[Core FTP]]) | ||
* <code>[[.key]]</code> ([[Core FTP]]) | * <code>[[.key]]</code> ([[Core FTP]]) | ||
| Line 36: | Line 44: | ||
* [[Nginx]] <code>[[ssl_certificate]]</code> directive | * [[Nginx]] <code>[[ssl_certificate]]</code> directive | ||
* <code>[[.pfx]]</code> or <code>[[.p12]]</code> | * <code>[[.pfx]]</code> or <code>[[.p12]]</code> | ||
| + | * <code>[[IdentityFile]]</code> | ||
== Activities == | == Activities == | ||
| Line 41: | Line 50: | ||
== See also == | == See also == | ||
| + | * {{base64}} | ||
* {{.pem}} | * {{.pem}} | ||
| + | * {{PEM}} | ||
* {{CSR}} | * {{CSR}} | ||
* {{X.509}} | * {{X.509}} | ||
* {{Certificates}} | * {{Certificates}} | ||
| + | * {{PKCS}} | ||
[[Category:Security]] | [[Category:Security]] | ||
Latest revision as of 12:58, 13 February 2024
wikipedia:Privacy-Enhanced Mail extension for X.509 certificates. .pem defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs/), or may include an entire certificate chain including public key, private key and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.[1]
ssh-keygen -m PEM -t rsa -f your_new_rsa_key.pem
Read certificate:
openssl x509 -in certificate.pem -textopenssl s_client -showcerts -connect YOUR_DOMAIN.COM:443keytool -printcert -file certificate.pem
Generate certificate:
PKCS7 chain in DER format. These files also may be named with a .p7b extension
- OpenSSH 7.8, (August 2018) Incompatible changes:
ssh-keygenwrite OpenSSH format private keys by default instead of using OpenSSL's PEM format.
file your_pem_file.pem your_pem_file.pem PEM RSA private key
file example.org.csr example.org.csr: PEM certificate request
file your_cert_for_development.cer your_cert_for_development.cer: Certificate, Version=3
Related terms[edit]
.cer.crt- X.509
ssh-keygen -mandopenssl req.crt(Core FTP).key(Core FTP)- Let's Encrypt:
certbot certonly,certbot certificates - Nginx
ssl_certificatedirective .pfxor.p12IdentityFile
Activities[edit]
See also[edit]
base64, base64 --decode, Serialized- Certificate:
.pem,.ppk,.pfx,.p12,.cer, .crt,openssl pkcs12,.csr,.pub, PFX, PKCS, PKCS - PEM,
ssh-keygen -m PEM - Certificate, CSR (PKCS10),
/etc/letsencrypt/csr/,openssl req, X.509, [.pem,.cer,.csr], Kubernetes CertificateSigningRequest - X.509, ASN.1,
openssl x509,.pem, der, PFX, PKCS, SAN,openssl x509, CSR - Certificate, certificate extensions (
.pem,.pfx), CSR,.csr, root certificate, public certificate - PKCS, PKCS7, PKCS8, PKCS10, PKCS12
Advertising:
