Difference between revisions of "Privacy-Enhanced Mail (.PEM)"
Jump to navigation
Jump to search
↑ https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
| Line 11: | Line 11: | ||
Read [[certificate]]: | Read [[certificate]]: | ||
* <code>[[openssl x509]] -in certificate.pem -text</code> | * <code>[[openssl x509]] -in certificate.pem -text</code> | ||
| + | * <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code> | ||
* <code>[[keytool]] -printcert -file certificate.pem</code> | * <code>[[keytool]] -printcert -file certificate.pem</code> | ||
| − | |||
Generate certificate: | Generate certificate: | ||
Revision as of 10:37, 6 September 2021
pem - Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.[1]
ssh-keygen -m PEM -t rsa -f your_new_rsa_key.pem
Read certificate:
openssl x509 -in certificate.pem -textopenssl s_client -showcerts -connect YOUR_DOMAIN.COM:443keytool -printcert -file certificate.pem
Generate certificate:
PKCS7 chain in DER format. These files also may be named with a .p7b extension
- OpenSSH 7.8, (August 2018) Incompatible changes:
ssh-keygenwrite OpenSSH format private keys by default instead of using OpenSSL's PEM format.
file your_pem_file.pem your_pem_file.pem PEM RSA private key
Related terms
- X.509
ssh-keygenopenssl.crt(Core FTP).key(Core FTP)- Let's Encrypt request certificate:
certbot certonly - Nginx
ssl_certificatedirective
See also
- OpenSSL: RSA, ECDSA, WolfSSL, AES, Diffie-Hellman (DH) key-exchange,
/etc/ssl/openssl.cnf, OpenSSL v3 - OpenSSH (changelog):
/etc/ssh/sshd_config|/etc/ssh/ssh_config|~/.ssh/|openSSL | sshd logs|sftp|scp|authorized_keys|ssh-keygen|ssh-keyscan|ssh-add|ssh-agent|ssh|Ssh -O stop|ssh-copy-id|CheckHostIP|UseKeychain, OpenSSF - SSH:
ssh, TLS,.ppk, .pem, .crt, .pub, ED25519, Key exchange method (KEX), public key, private key,ssh -Q kex,IAMUserSSHKeys,known_hosts, ssh tunnel, Dropbear - TLS, mTLS: OpenSSL, LibreSSL, BoringSSL, WolfSSL, X.509,
.pem, SNI, CT, OCSP, Mbed TLS, ALPN,your connection is not private, SSL Certificate Checker, Wildcard certificate, JA3 fingerprint, sslcan, TLS inspection - CA, Root Certificates, FreeIPA, PKI, OpenCA, Wildcard certificate,
certtool,certbot(Let's Encrypt),certinfo(Cloudflare), ACME, Boulder,cfssl(Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN),openssl ca, Self signed certificate, CSR,keytool, ACM, KMS,aws acm, IdenTrust, multirootca, cert-manager, ca_cert_identifier
Advertising:
