Difference between revisions of "Privacy-Enhanced Mail (.PEM)"

From wikieduonline
Jump to navigation Jump to search
 
(20 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[wikipedia:PEM]] extension for [[X.509]] certificates
+
[[wikipedia:Privacy-Enhanced Mail]] extension for [[X.509]] certificates. <code>.pem</code> defined in [[RFCs]] 1421 through 1424, this is a container format that may include just the [[public certificate]] (such as with Apache installs, and CA certificate files <code>[[/etc/ssl/certs/]]</code>), or may include an entire certificate chain including [[public key]], [[private key]] and [[root certificates]]. Confusingly, it may also encode a [[CSR]] (e.g. as used here) as the [[PKCS10]] format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.<ref>https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file </ref>
  
pem - Defined in [[RFCs]] 1421 through 1424, this is a container format that may include just the [[public certificate]] (such as with Apache installs, and CA certificate files [[/etc/ssl/certs/]]), or may include an entire certificate chain including [[public key]], [[private key]] and [[root certificates]]. Confusingly, it may also encode a [[CSR]] (e.g. as used here) as the [[PKCS10]] format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.<ref>https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file </ref>
+
PEM or [[DER]] or [[PFX]]
  
PEM or [[DER]] or [[PFX]]
 
  
 +
* <code>[[ssh-keygen -m PEM]] -t [[rsa]] -f your_new_rsa_key.pem</code>
  
* <code>[[ssh-keygen]] -m PEM -t [[rsa]] -f your_new_rsa_key.pem</code>
+
* [[Convert from .cer to .pem]]
  
  
 
Read [[certificate]]:
 
Read [[certificate]]:
* <code>[[openssl x509]] -in certificate.pem -text</code>
+
* <code>[[openssl x509 -in]] certificate.pem -text</code>
 
* <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code>
 
* <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code>
 
* <code>[[keytool]] -printcert -file certificate.pem</code>
 
* <code>[[keytool]] -printcert -file certificate.pem</code>
Line 25: Line 25:
 
  [[file]] your_pem_file.pem
 
  [[file]] your_pem_file.pem
 
  your_pem_file.pem [[PEM]] RSA private key
 
  your_pem_file.pem [[PEM]] RSA private key
 +
 +
file example.org[[.csr]]
 +
example.org.csr: PEM [[certificate request]]
 +
 +
file your_cert_for_development.cer
 +
your_cert_for_development.cer: Certificate, Version=3
  
  
  
 
== Related terms ==
 
== Related terms ==
 +
* <code>[[.cer]]</code>
 +
* <code>[[.crt]]</code>
 
* [[X.509]]
 
* [[X.509]]
* <code>[[ssh-keygen]]</code> and <code>[[openssl req]]</code>
+
* <code>[[ssh-keygen -m]]</code> and <code>[[openssl req]]</code>
 
* <code>[[.crt]]</code> ([[Core FTP]])
 
* <code>[[.crt]]</code> ([[Core FTP]])
 
* <code>[[.key]]</code> ([[Core FTP]])
 
* <code>[[.key]]</code> ([[Core FTP]])
Line 36: Line 44:
 
* [[Nginx]] <code>[[ssl_certificate]]</code> directive
 
* [[Nginx]] <code>[[ssl_certificate]]</code> directive
 
* <code>[[.pfx]]</code> or <code>[[.p12]]</code>
 
* <code>[[.pfx]]</code> or <code>[[.p12]]</code>
 +
* <code>[[IdentityFile]]</code>
 +
* [[PEM]] ([[RFC 1421]])
 +
* [[OpenSSH PEM]] ([[RFC 4716]])
 +
* [[tls_private_key]]
  
 
== Activities ==
 
== Activities ==
Line 41: Line 53:
  
 
== See also ==
 
== See also ==
 +
* {{base64}}
 
* {{.pem}}
 
* {{.pem}}
 +
* {{PEM}}
 
* {{CSR}}
 
* {{CSR}}
 
* {{X.509}}
 
* {{X.509}}
 
* {{Certificates}}
 
* {{Certificates}}
 +
* {{PKCS}}
  
  
 
[[Category:Security]]
 
[[Category:Security]]

Latest revision as of 10:43, 25 July 2024

wikipedia:Privacy-Enhanced Mail extension for X.509 certificates. .pem defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs/), or may include an entire certificate chain including public key, private key and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.[1]

PEM or DER or PFX



Read certificate:

Generate certificate:


PKCS7 chain in DER format. These files also may be named with a .p7b extension


file your_pem_file.pem
your_pem_file.pem PEM RSA private key
file example.org.csr
example.org.csr: PEM certificate request
file your_cert_for_development.cer
your_cert_for_development.cer: Certificate, Version=3


Related terms[edit]

Activities[edit]

See also[edit]

  • https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
  • Advertising: