Difference between revisions of "Privacy-Enhanced Mail (.PEM)"

wikipedia:PEM

pem - Defined in RFCs 1421 through 1424, this is a container format that may include just the public certificate (such as with Apache installs, and CA certificate files /etc/ssl/certs/), or may include an entire certificate chain including public key, private key and root certificates. Confusingly, it may also encode a CSR (e.g. as used here) as the PKCS10 format can be translated into PEM. The name is from Privacy Enhanced Mail (PEM), a failed method for secure email but the container format it used lives on, and is a base64 translation of the x509 ASN.1 keys.^[1]

PEM or DER or PFX

• ssh-keygen -m PEM -t rsa -f your_new_rsa_key.pem

Read certificate:

• openssl x509 -in certificate.pem -text
• openssl s_client -showcerts -connect YOUR_DOMAIN.COM:443
• keytool -printcert -file certificate.pem

Generate certificate:

• openssl req

PKCS7 chain in DER format. These files also may be named with a .p7b extension

• OpenSSH 7.8, (August 2018) Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using OpenSSL's PEM format.

file your_pem_file.pem
your_pem_file.pem PEM RSA private key

Related terms

• X.509
• ssh-keygen
• openssl: openssl req
• .crt (Core FTP)
• .key (Core FTP)
• Let's Encrypt: certbot certonly, certbot certificates
• Nginx ssl_certificate directive

Activities

• Read about certificate extensions: https://knowledge.digicert.com/generalinformation/INFO2824.html

See also

• Certificate: .pem, .ppk, .pfx, .p12, .cer, .crt, openssl pkcs12, .csr, .pub, PFX, PKCS, PKCS
• Certificate, CSR (PKCS10), /etc/letsencrypt/csr/, openssl req, X.509, [.pem, .cer, .csr], Kubernetes CertificateSigningRequest
• X.509, ASN.1, openssl x509, .pem, der, PFX, PKCS, SAN, openssl x509, CSR
• TLS, mTLS: OpenSSL, LibreSSL, BoringSSL, WolfSSL, X.509, .pem, SNI, CT, OCSP, Mbed TLS, ALPN, your connection is not private, SSL Certificate Checker, Wildcard certificate, JA3 fingerprint, sslcan, TLS inspection