What is Ask SSL Support Desk?
It is a summary of random questions that have one to the attention of Acmetek’s most awesome technical support reps. Answered and shared for the SSL Support Desk’s SSL Library which is designed to teach and educate the community.

I need a Base64 encoded .cer format certificate to Import into my Websense proxy server. Where can I get that?

Short Answer:
That is just a regular x509 certificate with a .cer extension.

In the world of Public Key Infrastructure (PKI) there are many different file formats. The following are the major ones.

x509/PEM Format:

The PEM format is the most common format that Certificate Authorities (CA) issue certificates in. PEM certificates usually have extentions such as .pem, .crt, .cer, and .key. They are Base64 encoded ASCII files and contain “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” statements. Server certificates, intermediate certificates, and private keys can all be put into the PEM format. But Typically the private key will contain the following “—–BEGIN RSA PRIVATE KEY—–” and “—–END RSA PRIVATE KEY —–” Statements.

Apache and other similar servers use PEM format certificates. Several PEM certificates, and even the private key, can be included in one file with each individual certificate sandwiched on top of each other, one below the other, but most platforms, such as Apache, expect the certificates and private key to be in separate files.

Other Formats –

PKCS#7/P7B Format:

The PKCS#7 or P7B format is usually stored in Base64 encoded ASCII format and has a file extension of .p7b or .p7c. P7B certificates usually contain the following “—–BEGIN PKCS7—–” and “—–END PKCS7—–” statements as header and footers. A P7B file only contains certificates and chain certificates, not the private key. Several platforms support P7B files including Microsoft Windows and Java Tomcat.

PKCS#12/PFX Format:

The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in one encryptable file. PFX files usually have extensions such as .pfx and .p12. PFX files are typically used on Windows machines to import and export certificates and private keys.

PKCS#10 Format:

The PKCS#10 is an actual certificate signing request (also CSR or certification request) This is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate. It usually contains the public key for which the certificate should be issued, identifying information (such as a domain/common name).

The more you know: Before creating a CSR, the applicant first generates a key pair, keeping the private key secret during its creation. Once the CSR has been submitted to a certificate authority an SSL Certificate will be born/issued that will only work with the private key created during CSR keypair creation.

DER Format:

The DER format is simply a binary form of a certificate instead of the ASCII PEM format. It sometimes has a file extension of .der but it often has a file extension of .cer so the only way to tell the difference between a DER .cer file and a PEM .cer file is to open it in a text editor you will see a bunch of hexadecimal gibberish. All types of certificates and private keys can be encoded in DER format but is very rarely used. DER is typically used with Java platforms.

Posted by:
Dominic Rafael
Senior Lead IT Engineer
Be sure to Subscribe!!

LoadingAdd to favorites

About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.