<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview 
[{$pagename}] ([PEM]) format is the most common [Certificate Format] that a [Certificate Authority] would issue a [certificates]. 


[{$pagename}] or [PEM] Format can contain all of private keys ([RSA] and DSA), [Public Keys] ([RSA] and [DSA|Digital Signature Algorithm]) and ([X.509]) [Certificates]. 

[Apache] and other similar servers use [{$pagename}] format certificates. Several [{$pagename}] certificates, and even the private key, can be included in one file, one below the other, but most platforms, such as Apache, expect the certificates and [Private Key] to be in separate files. 

[{$pagename}] Characteristics:

* [Base64] encoded [ASCII] files  &quot;-----BEGIN CERTIFICATE-----&quot; and &quot;-----END CERTIFICATE-----&quot;
* [File System] extensions are commonly: .pem, .crt, .cer, .key
* [Certificate Chain] and [Private Keys] can all be put into the [PEM] format. 
* Apache and similar servers uses [PEM] format certificates


!! Single Binary Certificate 
In the [Certificate] base form, a digital certificate is a binary data structure containing the fields listed in X.509 certificates. A [Certificate] is encoded using [Distinguished Encoding Rules], a platform-independent standard for encapsulating data. As with other binary data, remember to transfer a binary certificate in binary format, for example using binary FTP, when you copy to or from a system. 

If you peek at a data set containing a binary certificate on a [z/OS|ZOS] or other [EBCDIC] platform, the contents appear unintelligible because none of the data is encoded in [EBCDIC]. On a Windows® or other [ASCII] platform, some string data might be intelligible if it is encoded in ASCII. 

[{$pagename}] is the default format for [OpenSSL]. [Privacy-Enhanced Mail] stores data in Base64 encoded [Distinguished Encoding Rules] format, surrounded by ascii headers, so is suitable for text mode transfers between systems. 

Generally, If your organization uses certificate chaining, use this format to create CA certificates. 

Opening a [{$pagename}] in a text editor would see something similar to:
{{{ 
-----BEGIN CERTIFICATE----- 
MIIEvDCCBCWgAwIBAgIQBWXQILzgvZ/Yq0T/DF9j4DANBgkqhkiG9w0BAQUFADCB 
jDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTAwLgYDVQQL 
b20vdnNsb2dvLmdpZjANBgkqhkiG9w0BAQUFAAOBgQAfd2Pw4dWhyHrmcbPxqVKG 
: 
Base 64 encoding of DER 
: 
9TGhojnDNQov4umWxtiMEScsx7L7CnanN6qNCMdVcBGrZpTW8IsGwSD2Gjg8fIfb 
/NfVk00RP00+QuzdtbH911tkbqakrjJd5Ck8Nq/jF1FUlgzu5+35cDtcTYB2PD05 
A8NmmxGCAbsKaNp/6Vk98w== 
-----END CERTIFICATE----- 
}}} 

!! More Information 
There might be more information for this subject on one of the following: 
[{ReferringPagesPlugin before='*' after='\n' }] 
</pre>