I have a root cert file and I don't know whether or not it is in .pem
format. How do I check if it is in .pem
format?
DER formatted certificates - can have . der extension, but are often . cer, so the only way to tell if the certificate is PEM or DER is to open the certificate in a text editor and look for the BEGIN CERTIFICATE and END CERTIFICATE sections (if they are there then the . cer is in PEM format).
Certificate Decoder A PEM encoded certificate is a block of encoded text that contains all of the certificate information and public key. Another simple way to view the information in a certificate on a Windows machine is to just double-click the certificate file.
A PEM encoded file includes Base64 data. The private key is prefixed with a "-----BEGIN PRIVATE KEY-----" line and postfixed with an "-----END PRIVATE KEY-----". Certificates are prefixed with a "-----BEGIN CERTIFICATE-----" line and postfixed with an "-----END CERTIFICATE-----" line.
For most browsers, look to see if a site URL begins with “https,” which indicates it has an SSL certificate. Then click on the padlock icon in the address bar to view the certificate information.
DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them
Quote from the support page:
View ==== Even though PEM encoded certificates are ASCII they are not human readable. Here are some commands that will let you output the contents of a certificate in human readable form; View PEM encoded certificate ---------------------------- Use the command that has the extension of your certificate replacing cert.xxx with the name of your certificate openssl x509 -in cert.pem -text -noout openssl x509 -in cert.cer -text -noout openssl x509 -in cert.crt -text -noout If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate below” unable to load certificate 12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE View DER encoded Certificate View DER encoded Certificate ---------------------------- openssl x509 -in certificate.der -inform der -text -noout If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above unable to load certificate 13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306: 13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509
A .pem format certificate will most likely be ASCII-readable. It will have a line -----BEGIN CERTIFICATE-----
, followed by base64-encoded data, followed by a line -----END CERTIFICATE-----
. There may be other lines before or after.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With