Difference between revisions of "Privacy-Enhanced Mail (.PEM)"

From wikieduonline
Jump to navigation Jump to search
 
(51 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Draft}}
+
[[wikipedia:Privacy-Enhanced Mail]] extension for [[X.509]] certificates. <code>.pem</code> defined in [[RFCs]] 1421 through 1424, this is a container format that may include just the [[public certificate]] (such as with Apache installs, and CA certificate files <code>[[/etc/ssl/certs/]]</code>), or may include an entire certificate chain including [[public key]], [[private key]] and [[root certificates]]. Confusingly, it may also encode a [[CSR]] (e.g. as used here) as the [[PKCS10]] format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.<ref>https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file </ref>
  
pem - Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs), or may include an entire certificate chain including public key, private key, and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.<ref>https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file </ref>
+
PEM or [[DER]] or [[PFX]]
  
PEM or [[DER]] or [[PFX]]
 
  
 +
* <code>[[ssh-keygen -m PEM]] -t [[rsa]] -f your_new_rsa_key.pem</code>
  
<code>[[ssh-keygen]] -m PEM -t [[rsa]] -f your_new_rsa_key.pem</code>
+
* [[Convert from .cer to .pem]]
  
  
Read certificate:
+
Read [[certificate]]:
[[openssl]] [[x509]] -in certificate.pem -text
+
* <code>[[openssl x509 -in]] certificate.pem -text</code>
[[keytool]] -printcert -file certificate.pem
+
* <code>[[openssl s_client]] -showcerts -connect YOUR_DOMAIN.COM:443</code>
 +
* <code>[[keytool]] -printcert -file certificate.pem</code>
  
 +
Generate certificate:
 +
* <code>[[openssl req]]</code>
  
  
 
PKCS7 chain in [[DER]] format. These files also may be named with a .p7b extension
 
PKCS7 chain in [[DER]] format. These files also may be named with a .p7b extension
 +
 +
* [[OpenSSH 7.8]], (August 2018) Incompatible changes: <code>[[ssh-keygen]]</code> write [[OpenSSH format]] private keys by default instead of using OpenSSL's PEM format.
 +
 +
 +
[[file]] your_pem_file.pem
 +
your_pem_file.pem [[PEM]] RSA private key
 +
 +
file example.org[[.csr]]
 +
example.org.csr: PEM [[certificate request]]
 +
 +
file your_cert_for_development.cer
 +
your_cert_for_development.cer: Certificate, Version=3
 +
 +
  
 
== Related terms ==
 
== Related terms ==
 +
* <code>[[.cer]]</code>
 +
* <code>[[.crt]]</code>
 
* [[X.509]]
 
* [[X.509]]
* <code>[[ssh-keygen]]</code>
+
* <code>[[ssh-keygen -m]]</code> and <code>[[openssl req]]</code>
* <code>[[openssl]]</code>
 
 
* <code>[[.crt]]</code> ([[Core FTP]])
 
* <code>[[.crt]]</code> ([[Core FTP]])
 
* <code>[[.key]]</code> ([[Core FTP]])
 
* <code>[[.key]]</code> ([[Core FTP]])
* [[Let's Encrypt]] request certificate: <code>[[certbot certonly]]</code>
+
* [[Let's Encrypt]]: <code>[[certbot certonly]]</code>, <code>[[certbot certificates]]</code>
 
* [[Nginx]] <code>[[ssl_certificate]]</code> directive
 
* [[Nginx]] <code>[[ssl_certificate]]</code> directive
 +
* <code>[[.pfx]]</code> or <code>[[.p12]]</code>
 +
* <code>[[IdentityFile]]</code>
 +
* [[PEM]] ([[RFC 1421]])
 +
* [[OpenSSH PEM]] ([[RFC 4716]])
 +
* [[tls_private_key]]
 +
 +
== Activities ==
 +
* Read about [[certificate extensions]]: https://knowledge.digicert.com/generalinformation/INFO2824.html
  
 
== See also ==
 
== See also ==
* {{openSSL}}
+
* {{base64}}
* {{OpenSSH}}
+
* {{.pem}}
* {{ssh}}
+
* {{PEM}}
* {{CA}}
+
* {{CSR}}
 +
* {{X.509}}
 +
* {{Certificates}}
 +
* {{PKCS}}
  
  
 
[[Category:Security]]
 
[[Category:Security]]

Latest revision as of 10:43, 25 July 2024

wikipedia:Privacy-Enhanced Mail extension for X.509 certificates. .pem defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs/), or may include an entire certificate chain including public key, private key and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.[1]

PEM or DER or PFX



Read certificate:

Generate certificate:


PKCS7 chain in DER format. These files also may be named with a .p7b extension


file your_pem_file.pem
your_pem_file.pem PEM RSA private key
file example.org.csr
example.org.csr: PEM certificate request
file your_cert_for_development.cer
your_cert_for_development.cer: Certificate, Version=3


Related terms[edit]

Activities[edit]

See also[edit]

  • https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file
  • Advertising: