PEM (Privacy Enhanced Mail)
PEM is the most common format for SSL certificates. It is a base64-encoded format that includes the certificate, the private key, and any intermediate certificates. PEM files are typically named with the extension .pem or .crt.
DER (Distinguished Encoding Rules)
DER is a binary format that is used for carrying digital certificates and other cryptographic objects. DER files are typically named with the extension .der.
PKCS#7 (Public-Key Cryptography Standard #7)
PKCS#7 is a format for digitally signing, encrypting, and compressing data. It can be used to encapsulate PEM certificates and other data. PKCS#7 files are typically named with the extension .p7b or .p7s.
PKCS#12 (Public-Key Cryptography Standard #12)
PKCS#12 is a format for storing private keys and certificates together in a single file. It is often used to store personal certificates, such as those used for email and web browsing. PKCS#12 files are typically named with the extension .pfx or .p12.
Here is a table summarizing the key differences between the four formats:
| Format | Description | File extension |
|---|---|---|
| PEM | Base64-encoded format that includes the certificate, the private key, and any intermediate certificates | .pem, .crt |
| DER | Binary format that is used for carrying digital certificates and other cryptographic objects | .der |
| PKCS#7 | Format for digitally signing, encrypting, and compressing data | .p7b, .p7s |
| PKCS#12 | Format for storing private keys and certificates together in a single file | .pfx, .p12 |