====== Ubuntu - Certificates - Certificate Types ======

Common filename extensions for X.509 certificates are:

^Filename Extension^Description^
|.pem|Privacy-enhanced Electronic Mail.  Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"|
|.cer, .crt, .der|Usually in binary DER form, but Base64-encoded certificates are common too (see .pem above)|
|.p7b, .p7c|PKCS#7 SignedData structure without data, just certificate(s) or CRL(s)|
|.p12|PKCS#12, may contain certificate(s) (public) and private keys (password protected)|
|.pfx|PFX, predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., with PFX files generated in IIS)|


  * PKCS#7 is a standard for signing or encrypting (officially called "enveloping") data. Since the certificate is needed to verify signed data, it is possible to include them in the SignedData structure. A .P7C file is a degenerated SignedData structure, without any data to sign.[citation needed]
  * PKCS#12 evolved from the personal information exchange (PFX) standard and is used to exchange public and private objects in a single file.