Difference between revisions of "Privacy-Enhanced Mail (.PEM)"
(5 intermediate revisions by the same user not shown) | |||
Line 6: | Line 6: | ||
* <code>[[ssh-keygen -m PEM]] -t [[rsa]] -f your_new_rsa_key.pem</code> | * <code>[[ssh-keygen -m PEM]] -t [[rsa]] -f your_new_rsa_key.pem</code> | ||
− | * [[Convert from | + | * [[Convert from .cer to .pem]] |
Read [[certificate]]: | Read [[certificate]]: | ||
− | * <code>[[openssl x509]] | + | * <code>[[openssl x509 -in]] certificate.pem -text</code> |
* <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code> | * <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code> | ||
* <code>[[keytool]] -printcert -file certificate.pem</code> | * <code>[[keytool]] -printcert -file certificate.pem</code> | ||
Line 45: | Line 45: | ||
* <code>[[.pfx]]</code> or <code>[[.p12]]</code> | * <code>[[.pfx]]</code> or <code>[[.p12]]</code> | ||
* <code>[[IdentityFile]]</code> | * <code>[[IdentityFile]]</code> | ||
+ | * [[PEM]] ([[RFC 1421]]) | ||
+ | * [[OpenSSH PEM]] ([[RFC 4716]]) | ||
+ | * [[tls_private_key]] | ||
== Activities == | == Activities == | ||
Line 56: | Line 59: | ||
* {{X.509}} | * {{X.509}} | ||
* {{Certificates}} | * {{Certificates}} | ||
+ | * {{PKCS}} | ||
[[Category:Security]] | [[Category:Security]] |
Latest revision as of 10:43, 25 July 2024
wikipedia:Privacy-Enhanced Mail extension for X.509 certificates. .pem
defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs/
), or may include an entire certificate chain including public key, private key and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.[1]
ssh-keygen -m PEM -t rsa -f your_new_rsa_key.pem
Read certificate:
openssl x509 -in certificate.pem -text
openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443
keytool -printcert -file certificate.pem
Generate certificate:
PKCS7 chain in DER format. These files also may be named with a .p7b extension
- OpenSSH 7.8, (August 2018) Incompatible changes:
ssh-keygen
write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
file your_pem_file.pem your_pem_file.pem PEM RSA private key
file example.org.csr example.org.csr: PEM certificate request
file your_cert_for_development.cer your_cert_for_development.cer: Certificate, Version=3
Related terms[edit]
.cer
.crt
- X.509
ssh-keygen -m
andopenssl req
.crt
(Core FTP).key
(Core FTP)- Let's Encrypt:
certbot certonly
,certbot certificates
- Nginx
ssl_certificate
directive .pfx
or.p12
IdentityFile
- PEM (RFC 1421)
- OpenSSH PEM (RFC 4716)
- tls_private_key
Activities[edit]
See also[edit]
base64, base64 --decode
, Serialized- Certificate:
.pem
,.ppk
,.pfx
,.p12
,.cer, .crt
,openssl pkcs12
,.csr
,.pub
, PFX, PKCS, PKCS - PEM,
ssh-keygen -m PEM
, RFC 1421, OpenSSH PEM (RFC 4716) - Certificate, CSR (PKCS10),
/etc/letsencrypt/csr/
,openssl req
, X.509, [.pem
,.cer
,.csr
], Kubernetes CertificateSigningRequest - X.509, ASN.1,
openssl x509
,.pem, der
, PFX, PKCS, SAN,openssl x509, CSR
- Certificate, certificate extensions (
.pem
,.pfx
), CSR,.csr
, root certificate, public certificate - PKCS, PKCS7, PKCS8, PKCS10, PKCS12
Advertising: