This article is a Draft. Help us to complete it.
pem - Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.
openssl x509 -in certificate.pem -text
keytool -printcert -file certificate.pem
openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443
PKCS7 chain in DER format. These files also may be named with a .p7b extension
- OpenSSH 7.8, (August 2018) Incompatible changes:
ssh-keygenwrite OpenSSH format private keys by default instead of using OpenSSL's PEM format.
- Let's Encrypt request certificate:
- OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange,
- OpenSSH (changelog),
openSSL, sshd logs,
Ssh -O stop
- SSH: Ssh (OpenSSH client), TLS, .ppk, .key, .pem, .crt, .pub, ED25519,
- CA, FreeIPA, PKI, OpenCA, Wildcard certificate,
certinfo(Cloudflare), ACME, Boulder,
cfssl(Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN),
openssl ca, Self signed certificate