jspωiki
Privacy-Enhanced Mail

Overview #

The Privacy-Enhanced Mail format is the most common DigitalCertificate Format that a Certificate Authority would issue certificates. Privacy-Enhanced Mail certificates usually have extentions such as .pem, .crt, .cer, and .key.

They are Base64 encoded ASCII files and contain "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format.

Privacy-Enhanced Mail or PEM Format can contain all of private keys (RSA and DSA), Public Keys (RSA and DSA) and (X.509) Certificates.

Apache and other similar servers use Privacy-Enhanced Mail format certificates. Several Privacy-Enhanced Mail certificates, and even the private key, can be included in one file, one below the other, but most platforms, such as Apache, expect the certificates and private key to be in separate files.

Single Binary Certificate #

In the Certificate base form, a digital certificate is a binary data structure containing the fields listed in X.509 certificates. A Certificate is encoded using Distinguished Encoding Rules, a platform-independent standard for encapsulating data. As with other binary data, remember to transfer a binary certificate in binary format, for example using binary FTP, when you copy to or from a system.

If you peek at a data set containing a binary certificate on a z/OS or other EBCDIC platform, the contents appear unintelligible because none of the data is encoded in EBCDIC. On a Windows® or other ASCII platform, some string data might be intelligible if it is encoded in ASCII.

Privacy-Enhanced Mail is the default format for OpenSSL. Privacy-Enhanced Mail stores data in Base64 encoded Distinguished Encoding Rules format, surrounded by ascii headers, so is suitable for text mode transfers between systems.

Generally, If your organization uses certificate chaining, use this format to create CA certificates.

Opening a Privacy-Enhanced Mail in a text editor would see something similar to:

 
-----BEGIN CERTIFICATE----- 
MIIEvDCCBCWgAwIBAgIQBWXQILzgvZ/Yq0T/DF9j4DANBgkqhkiG9w0BAQUFADCB 
jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL 
b20vdnNsb2dvLmdpZjANBgkqhkiG9w0BAQUFAAOBgQAfd2Pw4dWhyHrmcbPxqVKG 
: 
Base 64 encoding of DER 
: 
9TGhojnDNQov4umWxtiMEScsx7L7CnanN6qNCMdVcBGrZpTW8IsGwSD2Gjg8fIfb 
/NfVk00RP00+QuzdtbH911tkbqakrjJd5Ck8Nq/jF1FUlgzu5+35cDtcTYB2PD05 
A8NmmxGCAbsKaNp/6Vk98w== 
-----END CERTIFICATE----- 

More Information #

There might be more information for this subject on one of the following: