Encodings (also used as extensions)
- .DER = The DER extension is
used for binary DER encoded certificates. These files may also bear
the CER or the CRT extension. Proper English usage would be “I
have a DER encoded certificate” not “I have a DER certificate”.
- .PEM = The PEM extension is
used for different types of X.509v3 files which contain ASCII
(Base64) armored data prefixed with a “—– BEGIN …” line.
Common Extensions
- .CRT = The CRT extension is
used for certificates. The certificates may be encoded as binary
DER or as ASCII PEM. The CER and CRT extensions are nearly
synonymous. Most common among *nix systems
- CER = alternate form of .crt
(Microsoft Convention) You can use MS to convert .crt to .cer (.both DER
encoded .cer, or base64[PEM] encoded .cer) The .cer
file extension is also recognized by IE as a command to run a MS
cryptoAPI command (specifically rundll32.exe
cryptext.dll,CryptExtOpenCER) which displays a dialogue for importing
and/or viewing certificate contents.
- .KEY = The KEY extension is
used both for public and private PKCS#8 keys. The keys may be
encoded as binary DER or as ASCII PEM.
The only time CRT and CER can safely be interchanged is when the
encoding type can be identical. (ie PEM encoded CRT = PEM encoded CER)