What are the differences between .p7b, .pfx, .p12, .pem, .der, .crt & .cer Certificates?
With so many servers, some require different formats.
- It is the most common format used for certificates
- Most servers (Ex: Apache) expects the certificates and private key to be in a separate files
- Usually they are Base64 encoded ASCII files
- Extensions used for PEM certificates are .cer, .crt, .pem, .key files
- Apache and similar server uses PEM format certificates
- The DER format is the binary form of the certificate
- All types of certificates & private keys can be encoded in DER format
- DER formatted certificates do not contain the "BEGIN CERTIFICATE/END CERTIFICATE" statements
- DER formatted certificates most often use the ‘.cer’ and '.der' extensions
- DER is typically used in Java Platforms
- The PKCS#7 or P7B format is stored in Base64 ASCII format and has a file extension of .p7b or .p7c
- A P7B file only contains certificates and chain certificates (Intermediate CAs), not the private key
- The most common platforms that support P7B files are Microsoft Windows and Java Tomcat
- The PKCS#12 or PFX/P12 format is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file
- These files usually have extensions such as .pfx and .p12
- They are typically used on Windows machines to import and export certificates and private keys
If your server/device requires a different certificate format other than Base64 encoded X.509, a third party tool such as OpenSSL can be used to convert the certificate into the appropriate format.