Alert ID : INFO4448

Last Modified : 05/03/2018

What are the differences between .P7B (PKCS#7) .PFX/.P12 (PKCS#12) .PEM, .DER, .CRT, .CER Certificates?


What are the differences between .p7b, .pfx, .p12, .pem, .der, .crt & .cer Certificates?

Different servers require certificates in different formats.


PEM Format

  • It is the most common format used for certificates
  • Most servers (e.g. Apache) expect the certificates and private key to be in separate files
    -   Usually they are Base64 encoded ASCII files
    -   Extensions used for PEM certificates are .cer, .crt, .pem, .key files
    -   Apache and similar servers use PEM format certificates

DER Format

  • The DER format is the binary form of the certificate
  • All types of certificates & private keys can be encoded in DER format
  • DER formatted certificates do not contain the "BEGIN CERTIFICATE/END CERTIFICATE" statements
  • DER formatted certificates most often use the .cer and .der extensions
  • DER is typically used in Java Platforms


P7B/PKCS#7 Format

  • The PKCS#7 or P7B format is stored in Base64 ASCII format and has a file extension of .p7b or .p7c
  • A P7B file only contains certificates and chain certificates (Intermediate CAs), not the private key
  • The most common platforms that support P7B files are Microsoft Windows and Java Tomcat


PFX/P12/PKCS#12 Format

  • The PKCS#12 or PFX/P12 format is a binary format for storing the server certificate, intermediate certificates, and the private key in one encryptable file
  • These files usually have extensions such as .pfx and .p12
  • They are typically used on Windows machines to import and export certificates and private keys


If your server/device requires a certificate format other than Base64 encoded X.509, a third-party tool such as OpenSSL can be used to convert the certificate into the appropriate format.
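
The extensions above overlap (.cer is listed under both PEM and DER), so before converting a file it helps to identify it by content, in particular whether it can carry a private key. The following Python code is an added example, not part of the original article; the function names, the sample bytes and the `PKCS7` PEM label (as written by OpenSSL) are assumptions, and the classification is a heuristic based on the first ASN.1 element only.

```python
import base64
import re

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData)
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def _after_outer_header(der):
    """Bytes following the outer SEQUENCE tag and length, or b'' if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return b""
    if der[1] < 0x80:                      # short-form length
        return der[2:]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    return der[2 + n:] if 0 < n <= 4 else b""

def classify_der(der):
    """Heuristic: decide the structure from its first inner ASN.1 element."""
    inner = _after_outer_header(der)
    if inner.startswith(PKCS7_SIGNED_DATA):
        return "pkcs7"                     # certificates and chain, no private key
    if inner.startswith(b"\x02\x01\x03"):
        return "pkcs12"                    # version 3 PFX: may hold a private key
    if inner.startswith(b"\x02\x01"):
        return "private-key"               # version field of a PKCS#1/PKCS#8/EC key
    if inner[:1] == b"\x30":
        return "certificate-like"          # CSRs, CRLs, encrypted PKCS#8 start the same way
    return "unknown"

def identify(data):
    """Return (encoding, [kind, ...]) for the raw bytes of a certificate file."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        return "PEM", [classify_der(base64.b64decode(body)) for _, body in blocks]
    return "DER", [classify_der(data)]

def to_pem(der, label):
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, base64.b64encode(der), label)

# Constructed samples: only the leading ASN.1 bytes of each structure, not real files.
SAMPLE_CERT = bytes.fromhex("30053003020101")
SAMPLE_P7B = bytes.fromhex("300b") + PKCS7_SIGNED_DATA
SAMPLE_PFX = bytes.fromhex("3003020103")
SAMPLE_KEY = bytes.fromhex("3003020100")

if __name__ == "__main__":                 # file names below are made up for the demo
    bundle = to_pem(SAMPLE_CERT, b"CERTIFICATE") + to_pem(SAMPLE_KEY, b"PRIVATE KEY")
    for name, data in [("bundle.pem", bundle), ("chain.p7b", to_pem(SAMPLE_P7B, b"PKCS7")),
                       ("site.cer", SAMPLE_CERT), ("site.pfx", SAMPLE_PFX)]:
        print(name, identify(data))
```

A result of `private-key` or `pkcs12` means the file should be handled as secret material, whatever its extension says.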