Privacy-Enhanced Mail

Overview #

Privacy-Enhanced Mail (PEM) format is the most common Certificate Format that a Certificate Authority would issue a certificates.

Privacy-Enhanced Mail or PEM Format can contain all of private keys (RSA and DSA), Public Keys (RSA and DSA) and (X.509) Certificates.

Apache and other similar servers use Privacy-Enhanced Mail format certificates. Several Privacy-Enhanced Mail certificates, and even the private key, can be included in one file, one below the other, but most platforms, such as Apache, expect the certificates and Private Key to be in separate files.

Privacy-Enhanced Mail Characteristics:

Single Binary Certificate #

In the Certificate base form, a digital certificate is a binary data structure containing the fields listed in X.509 certificates. A Certificate is encoded using Distinguished Encoding Rules, a platform-independent standard for encapsulating data. As with other binary data, remember to transfer a binary certificate in binary format, for example using binary FTP, when you copy to or from a system.

If you peek at a data set containing a binary certificate on a z/OS or other EBCDIC platform, the contents appear unintelligible because none of the data is encoded in EBCDIC. On a Windows® or other ASCII platform, some string data might be intelligible if it is encoded in ASCII.

Privacy-Enhanced Mail is the default format for OpenSSL. Privacy-Enhanced Mail stores data in Base64 encoded Distinguished Encoding Rules format, surrounded by ascii headers, so is suitable for text mode transfers between systems.

Generally, If your organization uses certificate chaining, use this format to create CA certificates.

Opening a Privacy-Enhanced Mail in a text editor would see something similar to:

Base 64 encoding of DER 

More Information #

There might be more information for this subject on one of the following: