Overview #The Privacy-Enhanced Mail format is the most common DigitalCertificate Format that a Certificate Authority would issue certificates. Privacy-Enhanced Mail certificates usually have extentions such as .pem, .crt, .cer, and .key.
They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.
Apache and other similar servers use Privacy-Enhanced Mail format certificates. Several Privacy-Enhanced Mail certificates, and even the private key, can be included in one file, one below the other, but most platforms, such as Apache, expect the certificates and private key to be in separate files.
Single Binary Certificate #In the Certificate base form, a digital certificate is a binary data structure containing the fields listed in X.509 certificates. A Certificate is encoded using Distinguished Encoding Rules, a platform-independent standard for encapsulating data. As with other binary data, remember to transfer a binary certificate in binary format, for example using binary FTP, when you copy to or from a system.
If you peek at a data set containing a binary certificate on a z/OS or other EBCDIC platform, the contents appear unintelligible because none of the data is encoded in EBCDIC. On a Windows® or other ASCII platform, some string data might be intelligible if it is encoded in ASCII.
Privacy-Enhanced Mail is the default format for OpenSSL. Privacy-Enhanced Mail stores data in Base64 encoded Distinguished Encoding Rules format, surrounded by ascii headers, so is suitable for text mode transfers between systems.
Generally, If your organization uses certificate chaining, use this format to create CA certificates.
Opening a Privacy-Enhanced Mail in a text editor would see something similar to:
-----BEGIN CERTIFICATE----- MIIEvDCCBCWgAwIBAgIQBWXQILzgvZ/Yq0T/DF9j4DANBgkqhkiG9w0BAQUFADCB jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL b20vdnNsb2dvLmdpZjANBgkqhkiG9w0BAQUFAAOBgQAfd2Pw4dWhyHrmcbPxqVKG : Base 64 encoding of DER : 9TGhojnDNQov4umWxtiMEScsx7L7CnanN6qNCMdVcBGrZpTW8IsGwSD2Gjg8fIfb /NfVk00RP00+QuzdtbH911tkbqakrjJd5Ck8Nq/jF1FUlgzu5+35cDtcTYB2PD05 A8NmmxGCAbsKaNp/6Vk98w== -----END CERTIFICATE-----