wikipedia:PEM extension for X.509 certificates.
.pem defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files
/etc/ssl/certs/), or may include an entire certificate chain including public key, private key and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.
openssl x509 -in certificate.pem -text
openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443
keytool -printcert -file certificate.pem
PKCS7 chain in DER format. These files also may be named with a .p7b extension
- OpenSSH 7.8, (August 2018) Incompatible changes:
ssh-keygenwrite OpenSSH format private keys by default instead of using OpenSSL's PEM format.
file example.org.csr example.org.csr: PEM certificate request
file your_cert_for_development.cer your_cert_for_development.cer: Certificate, Version=3
- Let's Encrypt:
.pub, PFX, PKCS, PKCS
ssh-keygen -m PEM
- Certificate, CSR (PKCS10),
openssl req, X.509, [
.csr], Kubernetes CertificateSigningRequest
- X.509, ASN.1,
.pem, der, PFX, PKCS, SAN
- Certificate, certificate extensions (
.csr, root certificate, public certificate