Ask a Question

Alert ID : INFO2824

Last Modified : 06/20/2018

Certificate extensions explained

Description

A file extension is the designation at the end of a file.  For example, a certificate named "certificate.cer" has a certificate extension of ".cer" and we put a "*" in front to designate that in front of the letters could be anything, it is only what is after the period that matters for identification of extension type.

Common Valid Windows Certificate Extensions:
*.PFX or *.P12  -  Personal Information Exchange Format
Supports storage of private and public keys and all certificates in the path. 
*If you wish to export a certificate and retain full private key functionality you must use the *.PFX or *.P12 extension*

*.CER or *.CRT  -  Base64-encoded or DER-encoded binary X.509 Certificate
Storage of a single certificate.  This format does not support storage of private keys.
 
*.CRL  -  Certificate Revocation List
Designates a certificate that has been revoked.

*.CSR  -  Certificate Signing Request
This file type is issued by applications to submit requests to a Certification Authority or CA.

*.DER - DER-encoded binary X.509 Certificate
Storage of a single certificate.  This format does not support storage of private keys.

*.P7B or *.P7R or *.SPC  -  Cryptographic Message Syntax Standard
Supports storage of all certificates in path and does not store private keys.

For technical articles from Microsoft about managing certificates on Windows Servers, check out: https://technet.microsoft.com/en-us/library/cc772898(WS.10).aspx