Digital certificate, also known as public key certificate or identity certificate, is an electronic document that proves the owner of public key. The content of a digital certificate includes the public key, the identity information of the owner of the public key (usually called the subject) and the digital signature of the publishing entity (usually called the publisher) that verifies the content of the certificate.

The format of digital certificate generally adopts the international standard X.509v3 A standard X.509 digital certificate contains the following contents:

X.509 defines the standard of digital certificate format. Please refer to Wikipedia entry for details. You can view the certificate format through the Openssl command line OpenSSL X509-incertificate.crt-text-noout tool.

Now the certificate extensions are basically mixed, so the extensions can't uniquely confirm the storage format of the certificate, and can only judge whether it is stored in binary or Base64 encoding format according to the file content.

. Key is usually used to store private keys encoded in Base64 format.

. PEM。 cer。 CRT (Privacy Enhanced E-mail) der binary format Base64 encoding, and add a start line-BEGIN CERTIFICATE-and an end line -end certificate at the beginning and end of encoding.

The binary format certificate of. der。 cer。 Crt DER is coded and unreadable, which is not convenient for the transmission and exchange of certificates.

P 12 usually contains a certificate and a symmetric encrypted private key.

. Pfx is the predecessor of p 12.

Consider a question, why is there no scene of encryption with private key and decryption with public key? Because the public key is publicly released, if you want to decrypt it with the publicly released private key, this scenario is not encryption and decryption, but digital signature.

Digital signature process