There are three main types of digital certificates: extended validation, organization validated, and domain validated certificates. Certificates can be encoded in .der, .pem, .key, .cert, .cer, and .crt formats. The .pem format encodes the .der certificate in base64 and can contain additional data like private keys. OpenSSL commands can be used to view the contents and properties of a certificate.
3. Certificate data formats
.der:
Binary encoding of an X.509 certificate
.pem
Not a certificate format, merely an encoding format
Base64 encoding of the .der certificate
Characterized by -----BEGIN CERTIFICATE----- <content> -----END CERTIFICATE-----
Usually used by open source software
Container format (may contain keys, certificates, certificate signing requests, etc.)
.key
PEM-formatted file containing a private key
conventional format
.cert /.cer/ .crt
PEM-formatted file with a different extension
recognized by Windows Explorer as a certificate
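Because .pem is a container and the extension is only a convention, it is worth checking what a file actually holds before sharing it. The following is an added example, not part of the original slides: it classifies data as DER or PEM by content, splits a PEM container into its objects, and reports any private key. All function names and the sample bytes are assumptions made for illustration.

```python
import base64
import re

# PEM textual framing: -----BEGIN <label>----- base64(DER) -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def detect_encoding(data: bytes) -> str:
    """Classify a file by its content; the extension is only a convention."""
    if b"-----BEGIN " in data:
        return "pem"
    if data[:1] == b"\x30":  # DER X.509 starts with an ASN.1 SEQUENCE tag
        return "der"
    return "unknown"

def to_pem(label: str, der: bytes) -> str:
    """Wrap DER bytes in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def split_pem(text: str) -> list:
    """Return (label, der_bytes) for every object in a PEM container."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(text)]

def private_key_labels(blocks: list) -> list:
    """Labels of private-key objects, e.g. in a file about to be published."""
    return [label for label, _ in blocks if label.endswith("PRIVATE KEY")]

# Constructed placeholder bytes shaped like DER (SEQUENCE tag + length);
# they are not a real certificate or key.
SAMPLE_CERT_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + bytes(10)
SAMPLE_KEY_DER = b"\x30\x0a" + bytes(10)
SAMPLE_BUNDLE = (to_pem("CERTIFICATE", SAMPLE_CERT_DER)
                 + to_pem("PRIVATE KEY", SAMPLE_KEY_DER))

if __name__ == "__main__":
    print(detect_encoding(SAMPLE_CERT_DER), detect_encoding(SAMPLE_BUNDLE.encode()))
    for label, der in split_pem(SAMPLE_BUNDLE):
        print(f"{label}: {len(der)} DER bytes, first byte 0x{der[0]:02x}")
    print("private keys found:", private_key_labels(split_pem(SAMPLE_BUNDLE)))
```

The sample bytes only exercise the framing; a real certificate decoded this way yields the DER that the openssl x509 command parses.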
4. Inspect content of a certificate
$ openssl x509 -in www_amazon_com.crt -text -noout
5. Types of Certificate
A certificate binds a public key to its owner.
PGP certificate
Decentralized way of establishing trust
X.509
Centralized trust model