ssl - Difference between pem, crt, key files - Stack Overflow (https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico?v=ec617d715196) (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (Stack Overflow) (/opensearch.xml) (https://stackoverflow.com/questions/63195304/difference-between-pem-crt-key-files) (https://cdn.sstatic.net/Shared/stacks.css?v=d6a266655a25) (https://cdn.sstatic.net/Sites/stackoverflow/primary.css?v=22fb2cb11723) (Feed for question 'Difference between pem, crt, key files') (/feeds/question/63195304) (https://cdn.sstatic.net/Shared/Channels/channels.css?v=5981bb1a5bd7)  (https://accounts.google.com/gsi/style)  (site logo) Join Stack Overflow    By clicking “Sign up”, you agree to our (/legal/terms-of-service/public) terms of service and acknowledge you have read our (/legal/privacy-policy) privacy policy .  (59e99b481907aca79504282706e4b1db65c79b5bb11a4cbc1d88997106647265) (1) (2.0)      Sign up with Google    Sign up with GitHub     OR (59e99b481907aca79504282706e4b1db65c79b5bb11a4cbc1d88997106647265) (1) () () () () () () Email   Password (8+ characters (at least 1 letter & 1 number))      Sign up      Already have an account? (/users/login) Log in         (59e99b481907aca79504282706e4b1db65c79b5bb11a4cbc1d88997106647265) ()     Skip to main content     (https://stackoverflow.com) Stack Overflow  (https://stackoverflow.co/) About  Products   (https://stackoverflow.co/teams/ai/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav-bar&utm_content=overflowai) OverflowAI    (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=stack-overflow-for-teams) Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers   (https://stackoverflow.co/advertising/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=stack-overflow-advertising) Advertising & Talent Reach devs & technologists worldwide about your product, service or employer brand   (https://stackoverflow.co/teams/ai/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=overflow-ai) OverflowAI GenAI features for Teams   (https://stackoverflow.co/api-solutions/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=overflow-api) OverflowAPI Train & fine-tune LLMs   (https://stackoverflow.co/labs/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=labs) Labs The future of collective knowledge sharing   (https://stackoverflow.co/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=about-the-company) About the company (https://stackoverflow.blog/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=top-nav&utm_content=blog) Visit the blog    (Search…) ()    Loading…          (https://stackoverflow.com) current community        (https://stackoverflow.com) (Stack Overflow)  Stack Overflow    (https://stackoverflow.com/help) help (https://chat.stackoverflow.com/?tab=site&host=stackoverflow.com) chat     (https://meta.stackoverflow.com) (Meta Stack Overflow)  Meta Stack Overflow      your communities   (https://stackoverflow.com/users/signup?ssrc=site_switcher&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f63195304%2fdifference-between-pem-crt-key-files) Sign up or (https://stackoverflow.com/users/login?ssrc=site_switcher&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f63195304%2fdifference-between-pem-crt-key-files) log in to customize your list.   (https://stackexchange.com/sites) more stack exchange communities  (https://stackoverflow.blog) company blog      (Click to show search)     (https://stackoverflow.com/users/login?ssrc=head&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f63195304%2fdifference-between-pem-crt-key-files) Log in  (https://stackoverflow.com/users/signup?ssrc=head&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f63195304%2fdifference-between-pem-crt-key-files) Sign up      Let's set up your homepage Select a few topics you're interested in:   python javascript c# reactjs java android html flutter c++ node.js typescript css r php angular next.js spring-boot machine-learning sql excel ios azure docker  Or search from our full list:    (Search)        javascript  python  java  c#  php  android  html  jquery  c++  css  ios  sql  mysql  r  reactjs  node.js  arrays  c  asp.net  json  python-3.x  .net  ruby-on-rails  sql-server  swift  django  angular  objective-c  excel  pandas  angularjs  regex  typescript  ruby  linux  ajax  iphone  vba  xml  laravel  spring  asp.net-mvc  database  wordpress  string  flutter  postgresql  mongodb  wpf  windows  amazon-web-services  xcode  bash  git  oracle-database  spring-boot  dataframe  azure  firebase  list  multithreading  docker  vb.net  react-native  eclipse  algorithm  powershell  macos  visual-studio  numpy  image  forms  scala  function  vue.js  performance  twitter-bootstrap  selenium  winforms  kotlin  loops  express  dart  hibernate  sqlite  matlab  python-2.7  shell  rest  apache  entity-framework  android-studio  csv  maven  api  linq  qt  dictionary  unit-testing  asp.net-core  facebook  tensorflow  apache-spark  file  swing  class  unity-game-engine  sorting  date  authentication  go  symfony  t-sql  opencv  matplotlib  .htaccess  google-chrome  for-loop  datetime  codeigniter  http  perl  validation  sockets  google-maps  object  uitableview  xaml  oop  if-statement  visual-studio-code  cordova  ubuntu  web-services  email  android-layout  github  spring-mvc  elasticsearch  kubernetes  selenium-webdriver  ms-access  user-interface  parsing  ggplot2  pointers  google-sheets  machine-learning  c++11  security  google-apps-script  flask  ruby-on-rails-3  templates  nginx  variables  exception  sql-server-2008  gradle  debugging  tkinter  listview  delphi  jpa  asynchronous  pdf  web-scraping  haskell  jsp  ssl  amazon-s3  google-cloud-platform  jenkins  testing  xamarin  wcf  npm  batch-file  generics  ionic-framework  network-programming  unix  recursion  google-app-engine  mongoose  visual-studio-2010  .net-core  android-fragments  assembly  animation  math  next.js  session  svg  hadoop  intellij-idea  curl  django-models  join  rust  winapi  laravel-5  url  heroku  http-redirect  tomcat  google-cloud-firestore  inheritance  webpack  keras  image-processing  gcc  asp.net-mvc-4  logging  dom  web  swiftui  matrix  pyspark  actionscript-3  button  post  optimization  firebase-realtime-database  jquery-ui  iis  cocoa  xpath  d3.js  javafx  firefox  internet-explorer  xslt  caching  select  asp.net-mvc-3  opengl  events  asp.net-web-api  plot  dplyr  magento  encryption  search  stored-procedures  amazon-ec2  ruby-on-rails-4  memory  audio  canvas  multidimensional-array  jsf  random  vector  cookies  redux  input  facebook-graph-api  flash  xamarin.forms  indexing  arraylist  ipad  cocoa-touch  data-structures  video  apache-kafka  model-view-controller  serialization  jdbc  woocommerce  azure-devops  routes  razor  awk  servlets  mod-rewrite  beautifulsoup  docker-compose  excel-formula  filter  iframe  aws-lambda  design-patterns  text  django-rest-framework  visual-c++  cakephp  mobile  android-intent  react-hooks  struct  methods  groovy  mvvm  ssh  lambda  checkbox  ecmascript-6  google-chrome-extension  time  grails  installation  sharepoint  cmake  shiny  spring-security  jakarta-ee  android-recyclerview  plsql  core-data  types  meteor  android-activity  sed  bootstrap-4  websocket  activerecord  graph  replace  scikit-learn  file-upload  group-by  vim  junit  boost  deep-learning  import  sass  memory-management  error-handling  async-await  eloquent  dynamic  soap  silverlight  dependency-injection  charts  layout  apache-spark-sql  deployment  browser  gridview  svn  while-loop  google-bigquery  vuejs2  ffmpeg  dll  highcharts  view  foreach  plugins  makefile  c#-4.0  redis  reporting-services  jupyter-notebook  merge  server  unicode  https  reflection  google-maps-api-3  twitter  oauth-2.0  extjs  pytorch  axios  terminal  pip  split  mysqli  cmd  encoding  django-views  automation  database-design  collections  hash  netbeans  build  data-binding  ember.js  tcp  sqlalchemy  pdo  apache-flex  concurrency  entity-framework-core  command-line  spring-data-jpa  printing  react-redux  java-8  jestjs  service  html-table  lua  neo4j  ansible  material-ui  parameters  module  enums  visual-studio-2012  flexbox  promise  outlook  webview  firebase-authentication  web-applications  uwp  jquery-mobile  utf-8  datatable  python-requests  parallel-processing  drop-down-menu  colors  scroll  hive  scipy  tfs  count  syntax  ms-word  twitter-bootstrap-3  ssis  google-analytics  fonts  three.js  powerbi  rxjs  constructor  graphql  file-io  paypal  discord  cassandra  socket.io  graphics  compiler-errors  gwt  react-router  nlp  solr  url-rewriting  backbone.js  memory-leaks  datatables  oauth  terraform  datagridview  drupal  oracle11g  zend-framework  neural-network  knockout.js  triggers  django-forms  interface  angular-material  google-api  casting  jmeter  linked-list  path  proxy  timer  django-templates  arduino  orm  directory  visual-studio-2015  parse-platform  windows-phone-7  cron  push-notification  conditional-statements  primefaces  functional-programming  pagination  model  jar  xamarin.android  hyperlink  uiview  gitlab  visual-studio-2013  vbscript  google-cloud-functions  azure-active-directory  jwt  download  swift3  sql-server-2005  configuration  process  pygame  rspec  properties  combobox  callback  windows-phone-8  linux-kernel  safari  permissions  scrapy  raspberry-pi  scripting  emacs  clojure  x86  scope  io  compilation  mongodb-query  nhibernate  responsive-design  expo  angularjs-directive  azure-functions  request  bluetooth  dns  3d  binding  reference  discord.js  architecture  playframework  pyqt  version-control  doctrine-orm  package  get  sql-server-2012  rubygems  f#  autocomplete  openssl  datepicker  kendo-ui  tree  jackson  pycharm  controller  yii  nested  grep  xamarin.ios  static  dockerfile  statistics  transactions  datagrid  null  active-directory  uiviewcontroller  webforms  phpmyadmin  discord.py  notifications  computer-vision  sas  duplicates  mocking  youtube  nullpointerexception  yaml  menu  sum  bitmap  blazor  asp.net-mvc-5  electron  visual-studio-2008  time-series  yii2  jsf-2  css-selectors  stl  android-listview  floating-point  cryptography  ant  stream  hashmap  character-encoding  msbuild  sdk  asp.net-core-mvc  google-drive-api  selenium-chromedriver  jboss  joomla  cors  navigation  devise  anaconda  background  camera  multiprocessing  pyqt5  binary  cuda  frontend  linq-to-sql  iterator  mariadb  onclick  plotly  ios7  rabbitmq  android-jetpack-compose  android-asynctask  microsoft-graph-api  tabs  insert  laravel-4  uicollectionview  environment-variables  amazon-dynamodb  linker  console  xsd  coldfusion  upload  continuous-integration  ftp  textview  opengl-es  operating-system  vuejs3  mockito  localization  macros  formatting  xml-parsing  json.net  kivy  type-conversion  data.table  timestamp  calendar  integer  segmentation-fault  android-ndk  drag-and-drop  prolog  char  crash  jasmine  automated-tests  dependencies  geometry  android-gradle-plugin  itext  firebase-cloud-messaging  header  fortran  sprite-kit  mfc  attributes  nuxt.js  nosql  format  azure-pipelines  nestjs  odoo  db2  jquery-plugins  jenkins-pipeline  leaflet  event-handling  flutter-layout  julia  postman  annotations  keyboard  textbox  arm  visual-studio-2017  gulp  libgdx  stripe-payments  xampp  synchronization  crystal-reports  timezone  dom-events  uikit  azure-web-app-service  android-emulator  swagger  wso2  sequelize.js  namespaces  aggregation-framework  uiscrollview  jvm  google-sheets-formula  chart.js  com  subprocess  geolocation  centos  webdriver  snowflake-cloud-data-platform  html5-canvas  garbage-collection  widget  dialog  numbers  concatenation  sql-update  qml  set  windows-10  tuples  mapreduce  smtp  java-stream  ionic2  rotation  modal-dialog  spring-data  android-edittext  http-headers  nuget  doctrine  radio-button  sonarqube  grid  lucene  xmlhttprequest  internationalization  listbox  initialization  switch-statement  components  google-play  apache-camel  boolean  serial-port  ldap  ios5  youtube-api  return  gdb  pivot  latex  eclipse-plugin  frameworks  tags  containers  github-actions  dataset  asp-classic  label  foreign-keys  subquery  c++17  copy  uinavigationcontroller  delegates  google-cloud-storage  migration  struts2  base64  protractor  sql-server-2008-r2  find  embedded  queue  uibutton  arguments  composer-php  append  jaxb  zip  stack  cucumber  autolayout  ide  entity-framework-6  popup  iteration  airflow  tailwind-css  windows-7  r-markdown  ssl-certificate  vb6  gmail  hover  jqgrid  g++  udp         Next You’ll be prompted to create an account to view your personalized homepage.          (/)   Home    (/questions)   Questions    (/tags)    Tags     (/beta/discussions)   Discussions Labs     (https://chat.stackoverflow.com/?tab=all&sort=active)       Chat    (/users)   Users     (/jobs?source=so-left-nav)   Jobs    (https://stackoverflow.com/jobs/companies?so_medium=stackoverflow&so_source=SiteNav)   Companies    Collectives       Communities for your favorite technologies. (/collectives-all) Explore all Collectives     Teams () Ask questions, find answers and collaborate at work with Stack Overflow for Teams.  (https://stackoverflowteams.com/teams/create/free/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams) Try Teams for free (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams) Explore Teams   Teams      Ask questions, find answers and collaborate at work with Stack Overflow for Teams. (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=side-bar&utm_content=explore-teams-compact) Explore Teams          Collectives™ on Stack Overflow Find centralized, trusted content and collaborate around the technologies you use most. (/collectives) Learn more about Collectives     Teams  Q&A for work Connect and share knowledge within a single location that is structured and easy to search. (https://stackoverflow.co/teams/) Learn more about Teams           (https://cdn.sstatic.net/Sites/stackoverflow/Img/apple-touch-icon.png?v=c78bd457575a) (/questions/63195304/difference-between-pem-crt-key-files) Difference between pem, crt, key files  (/questions/ask) Ask Question     (2020-07-31 16:02:57Z) Asked 4 years, 8 months ago  Modified (?lastactivity) (2025-01-19 15:38:02Z) 2 months ago  (Viewed 295,449 times) Viewed 295k times          This question shows research effort; it is useful and clear  (70:3:31e,16:732c0b7e7d2500d7,10:1743972963,16:0fe3fa305c71d113,8:63195304,e77639f3e16e79df8fb01292c71cd622716b931ea0d5c7bb0e1ee73e5804005b) 163  (This question does not show any research effort; it is unclear or not useful)    (70:3:31e,16:5bbb4b72f6a45a9a,10:1743972963,16:f39afe7fbc2e2a20,8:63195304,ed0eddc82c22a7d3e1eb060927042628fbf8dda995bf12d73461be171484d0e5)      Save this question.  (/posts/63195304/timeline)    Show activity on this post.    I'm having problems understanding the difference between files produced by openssl and how to detect them. For example I'm trying to generate Self-signed cert with private key and generate JKS file from p12
format. I'm googling like a madman but I still don't know how to generate it correctly to be able to use following commands. openssl pkcs12 -export -in user.pem -inkey user.key -certfile user.pem -out testkeystore.p12
keytool -importkeystore -srckeystore testkeystore.p12 -srcstoretype pkcs12 -destkeystore wso2carbon.jks -deststoretype JKS   Source: (https://www.ibm.com/support/pages/how-generate-jks-keystore-existing-private-key) https://www.ibm.com/support/pages/how-generate-jks-keystore-existing-private-key  I found a couple of different commands to generate Self-signed cert and private key but I don't know how to map resulting files to the commands above and whats worse I don't understand what those commands do.
I mean I see what files they generate and understand that certificate and private key used to sign it ( or maybe the other way around :| ) but what is the difference between those commands and is cert.pem === certificate.crt - Those file extensions are driving me crazy. openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem   This is yet another situation where I'm having similar issues with the openssl command. At this point I'm even ready to read some RFC ( I hope it won't come to this :) )  (/questions/tagged/ssl) (show questions tagged 'ssl') ssl  (/questions/tagged/openssl) (show questions tagged 'openssl') openssl  (/questions/tagged/certificate) (show questions tagged 'certificate') certificate  (/questions/tagged/pkcs%2312) (show questions tagged 'pkcs#12') pkcs#12  (/questions/tagged/jks) (show questions tagged 'jks') jks      (/q/63195304) (Short permalink to this question) Share  Share a link to this question     Copy link (https://creativecommons.org/licenses/by-sa/4.0/) (The current license for this post: CC BY-SA 4.0) CC BY-SA 4.0     (/posts/63195304/edit) () Improve this question  Follow (70:3:31e,16:ffb73930109119bd,10:1743972963,16:a769d5ac93375a4d,8:63195304,9ac2ab6142b0ef30fdf8ed756be6d9a0ea38888d7e688dc2e3b2d3cdb575c663)  Follow this question to receive notifications       (/posts/63195304/revisions) (show all edits to this post) edited (2024-04-20 09:10:56Z) Apr 20, 2024 at 9:10    (/users/759866/benmorel) (BenMorel's user avatar)    (/users/759866/benmorel) BenMorel (reputation score 36,702) 36.7k (52 gold badges)  52  52 gold badges (205 silver badges)  205  205 silver badges (337 bronze badges)  337  337 bronze badges     asked (2020-07-31 16:02:57Z) Jul 31, 2020 at 16:02   (/users/680815/sebastian-t) (sebastian_t's user avatar)    (/users/680815/sebastian-t) sebastian_t sebastian_t (reputation score) 2,889 (6 gold badges)  6  6 gold badges (27 silver badges)  27  27 silver badges (41 bronze badges)  41  41 bronze badges        1 (number of 'useful comment' votes received) 2   Informational note: originally Java by default required JKS-format keystore, and thus there are many websites manuals and other documentation giving advice like the IBM link above, as well as many older As on this and other Stacks. Java versions since 8u60 in 2015 can use PKCS12 files as well as JKS, and the conversion step is no longer necessary. – (/users/2868801/dave-thompson-085) (39,144 reputation) dave_thompson_085  Commented (2022-12-24 20:51:24Z, License: CC BY-SA 4.0) Dec 24, 2022 at 20:51   (this comment was edited 1 time)          (Use comments to ask for more information or suggest improvements. Avoid answering questions in comments.) Add a comment |  (Expand to show all comments on this post)          4 Answers 4   Sorted by:  (/questions/63195304/difference-between-pem-crt-key-files?answertab=scoredesc#tab-top) Reset to default   (scoredesc) Highest score (default)  (trending) Trending (recent votes count more)  (modifieddesc) Date modified (newest first)  (createdasc) Date created (oldest first)            This answer is useful  (70:3:31e,16:32895dee18b12bdd,10:1743972963,16:fe3c9f66659625fc,8:63195495,aa65bc71578b1b5808b4cfe950d3df33ad159e12f8ca0b0d0cf26d332a12ac8b) 227  (This answer is not useful)    (70:3:31e,16:102e8aef50d66cdb,10:1743972963,16:32145b55df1b02bb,8:63195495,95adf13dd46d299320e805705f2592eabec3b3aa7f66c38e459198fcb7a7258a)      Save this answer.  (Loading when this answer was accepted…)     (/posts/63195495/timeline)    Show activity on this post.    Those file names represent different parts of the key generation and verification process.  Please note that the names are just convention, you could just as easily call the files pepperoni.pizza and the content will be the same, so do be conscious of how you use the filenames. A brief primer on PKI - Keys come in two halves, a public key and a private key.  The public key can be distributed publicly and widely, and you can use it to verify, but not replicate, information generated using the private key.  The private key must be kept secret. .key files are generally the private key, used by the server to encrypt and package data for verification by clients. .pem files are generally the public key, used by the client to verify and decrypt data sent by servers. PEM files could also be encoded private keys, so check the content if you're not sure. .p12 files have both halves of the key embedded, so that administrators can easily manage halves of keys. .cert or .crt files are the signed certificates -- basically the "magic" that allows certain sites to be marked as trustworthy by a third party. .csr is a certificate signing request, a challenge used by a trusted third party to verify the ownership of a keypair without having direct access to the private key (this is what allows end users, who have no direct knowledge of your website, confident that the certificate is valid).  In the self-signed scenario you will use the certificate signing request with your own private key to verify your private key (thus self-signed).  Depending on your specific application, this might not be needed. (needed for web servers or RPC servers, but not much else). A JKS keystore is a native file format for Java to store and manage some or all of the components above, and keep a database of related capabilities that are allowed or rejected for each key. The commands you list look fine to me, and I don't see a question beyond asking what the different files are for.  If you need more information, please enrich your question.   (/a/63195495) (Short permalink to this answer) Share  Share a link to this answer     Copy link (https://creativecommons.org/licenses/by-sa/4.0/) (The current license for this post: CC BY-SA 4.0) CC BY-SA 4.0     (/posts/63195495/edit) () Improve this answer  Follow (70:3:31e,16:ebfe5c27e8920dd2,10:1743972963,16:94232402fbcc1029,8:63195495,7953cd222ad9f22dfd49d8746c7fdff2f888777365fc586cbf404eb92c05f3ac)  Follow this answer to receive notifications       (/posts/63195495/revisions) (show all edits to this post) edited (2023-01-18 10:35:15Z) Jan 18, 2023 at 10:35    (/users/1306012/bruno-bieri) (Bruno Bieri's user avatar)    (/users/1306012/bruno-bieri) Bruno Bieri (reputation score 10,256) 10.3k (11 gold badges)  11  11 gold badges (66 silver badges)  66  66 silver badges (96 bronze badges)  96  96 bronze badges     answered (2020-07-31 16:15:48Z) Jul 31, 2020 at 16:15   (/users/1168588/paulprogrammer) (PaulProgrammer's user avatar)    (/users/1168588/paulprogrammer) PaulProgrammer PaulProgrammer (reputation score 17,722) 17.7k (4 gold badges)  4  4 gold badges (45 silver badges)  45  45 silver badges (60 bronze badges)  60  60 bronze badges        9 (number of 'useful comment' votes received) 1   Thanks for the thorough reply. After running openssl req -x509 ... command I got 2 files that contents begin with -----BEGIN one has PRIVATE KEY and other CERTIFICATE next. On stackoverflow.com/questions/991758/… I found that -----BEGIN means that I'm dealing with PEM format. Does this apply here to both of those files? – (/users/680815/sebastian-t) (2,889 reputation) sebastian_t  Commented (2020-07-31 17:03:21Z, License: CC BY-SA 4.0) Jul 31, 2020 at 17:03      (number of 'useful comment' votes received) 2   Yes, PEM format, but by convention, the one that says "PRIVATE KEY" is usually named .key . – (/users/1168588/paulprogrammer) (17,722 reputation) PaulProgrammer  Commented (2020-08-01 03:03:03Z, License: CC BY-SA 4.0) Aug 1, 2020 at 3:03      (number of 'useful comment' votes received) 33   According to (https://crypto.stackexchange.com/a/43700) this answer , .crt keeps a signed certificate, whereas .csr is the certificate signing request. Also, .pem just indicates that the content (can be a key, certificate, ...) is Base64 encoded. – (/users/2074869/wolfson) (1,417 reputation) Wolfson  Commented (2021-04-29 09:50:01Z, License: CC BY-SA 4.0) Apr 29, 2021 at 9:50   (this comment was edited 1 time)        (number of 'useful comment' votes received) 1   .key files are generally the private key, used by the server to encrypt Isn't encryption normallly done by a public key and decryption done by a private key? You're saying the exact opposite here. – (/users/169513/mugen) (1,589 reputation) Mugen  Commented (2022-02-24 04:23:46Z, License: CC BY-SA 4.0) Feb 24, 2022 at 4:23        @Mugen PKI is weird in this way.  Server encrypts to the public key using the private key for verification.  Client uses the public key to encrypt data to the server for privacy. – (/users/1168588/paulprogrammer) (17,722 reputation) PaulProgrammer  Commented (2022-03-06 17:36:27Z, License: CC BY-SA 4.0) Mar 6, 2022 at 17:36        (Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”.)  |  (Expand to show all comments on this post) Show 4 more comments             This answer is useful  (70:3:31e,16:58258782c0a52c64,10:1743972963,16:e7cddc5e6ee95b1a,8:71024854,02f130a2f2231679a36b2a458d673d712d9e90bf0b29867e5f335153e69af717) 118  (This answer is not useful)    (70:3:31e,16:80b882df1f8a8eaf,10:1743972963,16:dfdf43e62d8dbce3,8:71024854,a84b79faaf5d89111860d5762dca9b372149e68171b0878d6144ca766e7973b3)      Save this answer.  (Loading when this answer was accepted…)     (/posts/71024854/timeline)    Show activity on this post.    .key is the private key. This is accessible the key owner and no one else. .csr is the certificate request. This is a request for a certificate authority to sign the key. (The key itself is not included.) .crt is the certificate produced by the certificate authority that verifies the authenticity of the key. (The key itself is not included.) This is given to other parties, e.g. HTTPS client. .pem is a text-based container using base-64 encoding. It could be any of the above files. -----BEGIN EXAMPLE-----
...
-----END EXAMPLE-----   .p12 is a PKCS12 file, which is a container format usually used to combine the private key and certificate. There isn't only one extension. For example you may see certificates with either the .crt or a .pem extension.   (/a/71024854) (Short permalink to this answer) Share  Share a link to this answer     Copy link (https://creativecommons.org/licenses/by-sa/4.0/) (The current license for this post: CC BY-SA 4.0) CC BY-SA 4.0     (/posts/71024854/edit) () Improve this answer  Follow (70:3:31e,16:0d8df05f6c9e5a8b,10:1743972963,16:a6c68d6108419741,8:71024854,b3e8a1d98cf2101f41b5ae9d0f250f3227538b118e74c602a1f722e0548faadc)  Follow this answer to receive notifications       answered (2022-02-07 20:17:48Z) Feb 7, 2022 at 20:17   (/users/1212596/paul-draper) (Paul Draper's user avatar)    (/users/1212596/paul-draper) Paul Draper Paul Draper (reputation score 83,551) 83.6k (53 gold badges)  53  53 gold badges (214 silver badges)  214  214 silver badges (301 bronze badges)  301  301 bronze badges           (Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”.) Add a comment |  (Expand to show all comments on this post)          This answer is useful  (70:3:31e,16:29ff61291357f620,10:1743972963,16:3c9a7a9508d42427,8:75044720,97b0f7ccf6b65b3826189499a997d1bb3c95f13b946ca93fa63ab0ff1325270e) 7  (This answer is not useful)    (70:3:31e,16:d041630dd42e4677,10:1743972963,16:3129bed9df76e82b,8:75044720,889535c84c266c8b264f2c2c3d0771298e5b233b0c86c416d68c5a6ca89c8bbf)      Save this answer.  (Loading when this answer was accepted…)     (/posts/75044720/timeline)    Show activity on this post.    Just to add more info: .der , another (binary) encoding (either public or private key, or csr)   (/a/75044720) (Short permalink to this answer) Share  Share a link to this answer     Copy link (https://creativecommons.org/licenses/by-sa/4.0/) (The current license for this post: CC BY-SA 4.0) CC BY-SA 4.0     (/posts/75044720/edit) () Improve this answer  Follow (70:3:31e,16:1cf2dd460872d16c,10:1743972963,16:5912b501b99591fd,8:75044720,d4780231893c35d7cb846f8eec647552f6c0b2d347eed237efd87fbccef16a99)  Follow this answer to receive notifications       answered (2023-01-08 00:27:20Z) Jan 8, 2023 at 0:27   (/users/4538857/joseph-riopelle) (Joseph Riopelle's user avatar)    (/users/4538857/joseph-riopelle) Joseph Riopelle Joseph Riopelle (reputation score) 179 (2 silver badges)  2  2 silver badges (6 bronze badges)  6  6 bronze badges           (Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”.) Add a comment |  (Expand to show all comments on this post)              This answer is useful  (70:3:31e,16:06a31752aa72f63a,10:1743972963,16:d49636690be29f93,8:79369229,b18ec8755ba7964ac45dd96d6402e0c16e442b4c6949aba09ac65f8a32b16d02) 0  (This answer is not useful)    (70:3:31e,16:10bd126ad48286b9,10:1743972963,16:b2ec79822a0baf54,8:79369229,9fadc79b4de68d60ca82615f031a717e1d14a54db8028c9af1c1909613cd8aed)      Save this answer.  (Loading when this answer was accepted…)     (/posts/79369229/timeline)    Show activity on this post.    After I've created this question a few years has passed and I had to generate an SSL certificate for docker and it turned out once again I had huge problems wrapping my head around it. I've decided to create a cli generator as a practice ( in PHP but wrapped in docker )
and it definitely helped me better understand what I was dealing with. If after going through all the answers you are still having problems I would recommend checking out an advanced example in my project (https://github.com/tarach/self-signed-ssl-generator?tab=readme-ov-file#advanced-examples) https://github.com/tarach/self-signed-ssl-generator?tab=readme-ov-file#advanced-examples because file types are only half of the fun if it comes to SSL certs. 😅   (/a/79369229) (Short permalink to this answer) Share  Share a link to this answer     Copy link (https://creativecommons.org/licenses/by-sa/4.0/) (The current license for this post: CC BY-SA 4.0) CC BY-SA 4.0     (/posts/79369229/edit) () Improve this answer  Follow (70:3:31e,16:2ae9bedc4c3fb9e6,10:1743972963,16:0913689a8dd90afa,8:79369229,e3bfabf9ab270e74a64ea0351cb497903fa29781b027241a3bb9da49625a9ddb)  Follow this answer to receive notifications       answered (2025-01-19 15:38:02Z) Jan 19 at 15:38   (/users/680815/sebastian-t) (sebastian_t's user avatar)    (/users/680815/sebastian-t) sebastian_t sebastian_t (reputation score) 2,889 (6 gold badges)  6  6 gold badges (27 silver badges)  27  27 silver badges (41 bronze badges)  41  41 bronze badges           (Use comments to ask for more information or suggest improvements. Avoid comments like “+1” or “thanks”.) Add a comment |  (Expand to show all comments on this post)       (63195304) (false) () (0) Your Answer  (True)                                                    Thanks for contributing an answer to Stack Overflow! Please be sure to answer the question . Provide details and share your research!  But avoid … Asking for help, clarification, or responding to other answers. Making statements based on opinion; back them up with references or personal experience.  To learn more, see our (/help/how-to-answer) tips on writing great answers .      Draft saved Draft discarded  (59e99b481907aca79504282706e4b1db65c79b5bb11a4cbc1d88997106647265)   Sign up or (/users/login?ssrc=question_page&returnurl=https%3a%2f%2fstackoverflow.com%2fquestions%2f63195304%2fdifference-between-pem-crt-key-files%23new-answer) log in       Sign up using Google     Sign up using Email and Password   (false) (false) Submit Post as a guest Name () ()    Email Required, but never shown   () ()       Post as a guest Name () ()     Email Required, but never shown   () ()       Post Your Answer  Discard  By clicking “Post Your Answer”, you agree to our (https://stackoverflow.com/legal/terms-of-service/public) terms of service and acknowledge you have read our (https://stackoverflow.com/legal/privacy-policy) privacy policy .(1)     Start asking to get answers Find the answer to your question by asking. (/questions/ask) Ask question   Explore related questions (/questions/tagged/ssl) (show questions tagged 'ssl') ssl  (/questions/tagged/openssl) (show questions tagged 'openssl') openssl  (/questions/tagged/certificate) (show questions tagged 'certificate') certificate  (/questions/tagged/pkcs%2312) (show questions tagged 'pkcs#12') pkcs#12  (/questions/tagged/jks) (show questions tagged 'jks') jks    See similar questions with these tags.      The Overflow Blog      (https://stackoverflow.blog/2025/04/03/from-training-to-inference-the-new-role-of-web-data-in-llms/?cb=1) From training to inference: The new role of web data in LLMs       (https://stackoverflow.blog/2025/04/04/is-ai-a-bubble-or-a-revolution-the-answer-is-yes/?cb=1) Is AI a bubble or a revolution? The answer is yes.   Featured on Meta  (Meta Stack Exchange)   (https://meta.stackexchange.com/questions/407927/changes-to-reporting-for-the-status-review-escalation-process?cb=1) Changes to reporting for the [status-review] escalation process   (Meta Stack Overflow)   (https://meta.stackoverflow.com/questions/421831/policy-generative-ai-e-g-chatgpt-is-banned?cb=1) Policy: Generative AI (e.g., ChatGPT) is banned   (Meta Stack Overflow)   (https://meta.stackoverflow.com/questions/433466/a-discussion-about-closed-and-potentially-useful-posts-on-stack-overflow?cb=1) A discussion about closed (and potentially useful) posts on Stack Overflow              Related (https://stackoverflow.com/q/991758?rq=3) (Question score (upvotes - downvotes)) 824  (https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files?rq=3) How to get .pem file from .key and .crt files?  (https://stackoverflow.com/q/2292495?rq=3) (Question score (upvotes - downvotes)) 247  (https://stackoverflow.com/questions/2292495/what-is-the-difference-between-a-cer-pvk-and-pfx-file?rq=3) What is the difference between a cer, pvk, and pfx file?  (https://stackoverflow.com/q/5355046?rq=3) (Question score (upvotes - downvotes)) 67  (https://stackoverflow.com/questions/5355046/where-is-the-pem-file-format-specified?rq=3) Where is the PEM file format specified?  (https://stackoverflow.com/q/20390138?rq=3) (Question score (upvotes - downvotes)) 0  (https://stackoverflow.com/questions/20390138/how-do-pem-and-der-certificates-work-in-openssl?rq=3) How do PEM and DER certificates work in openSSL?  (https://stackoverflow.com/q/25985137?rq=3) (Question score (upvotes - downvotes)) 4  (https://stackoverflow.com/questions/25985137/difference-between-pem-and-pb7-p12-formats?rq=3) Difference between .pem and .pb7, .p12 formats  (https://stackoverflow.com/q/40513919?rq=3) (Question score (upvotes - downvotes)) 3  (https://stackoverflow.com/questions/40513919/what-is-a-p12-cer-csr-jks-pem-file?rq=3) What is a .p12, .cer, .csr, .jks, .pem file?  (https://stackoverflow.com/q/43384627?rq=3) (Question score (upvotes - downvotes)) 14  (https://stackoverflow.com/questions/43384627/how-to-get-rsa-key-from-begin-certificate-from-crt-and-pem-file?rq=3) How to get RSA key from -----BEGIN CERTIFICATE----- from.crt and .pem file?  (https://stackoverflow.com/q/54198720?rq=3) (Question score (upvotes - downvotes)) 3  (https://stackoverflow.com/questions/54198720/can-extensions-pem-and-crt-be-used-interchangeably?rq=3) Can extensions .pem and .crt be used interchangeably?  (https://stackoverflow.com/q/57325127?rq=3) (Question score (upvotes - downvotes)) 0  (https://stackoverflow.com/questions/57325127/how-can-these-pem-files-including-chain-be-converted-to-key-and-crt-files?rq=3) How can these PEM files (including chain) be converted to KEY and CRT files?  (https://stackoverflow.com/q/68340665?rq=3) (Question score (upvotes - downvotes)) 11  (https://stackoverflow.com/questions/68340665/pem-file-has-two-certificates-what-does-it-mean?rq=3) .pem file has two certificates, what does it mean    (https://stackexchange.com/questions?tab=hot) Hot Network Questions   (Physics Stack Exchange)  (https://physics.stackexchange.com/questions/847007/intuition-for-maupertuis-action-and-the-principle-of-least-action) Intuition for Maupertuis' action and the principle of least action   (Mathematica Stack Exchange)  (https://mathematica.stackexchange.com/questions/312019/mathematica-frequently-fails-to-import-seemingly-valid-json) Mathematica frequently fails to import seemingly valid JSON   (History Stack Exchange)  (https://history.stackexchange.com/questions/77639/did-jules-verne-not-know-how-high-the-rockies-are) Did Jules Verne not know how high the Rockies are?   (Ask Ubuntu)  (https://askubuntu.com/questions/1545188/unable-to-save-images-from-web-browsers-firefox-and-chromium-based-to-local-ma) Unable to save images from web browsers (Firefox and Chromium-based) to local machine   (Worldbuilding Stack Exchange)  (https://worldbuilding.stackexchange.com/questions/265684/how-the-rectocrus-walks) How the Rectocrus walks   (Code Golf Stack Exchange)  (https://codegolf.stackexchange.com/questions/279050/efficiently-navigate-a-6-sided-die) Efficiently navigate a 6 sided die   (Academia Stack Exchange)  (https://academia.stackexchange.com/questions/217732/desk-reject-of-a-revised-manuscript) Desk reject of a revised manuscript?   (MathOverflow)  (https://mathoverflow.net/questions/490492/history-of-invariant-types-in-model-theory) History of invariant types in model theory   (Law Stack Exchange)  (https://law.stackexchange.com/questions/108164/who-is-responsible-for-diagnosing-issues-in-a-rental-property) Who is responsible for diagnosing issues in a rental property?   (Christianity Stack Exchange)  (https://christianity.stackexchange.com/questions/105767/how-does-calvinism-explain-paul-and-silas-response-to-the-philippian-jailer-and) How does Calvinism explain Paul and Silas' response to the Philippian jailer and the "persuading" of men?   (Stack Overflow)  (https://stackoverflow.com/questions/79555310/implicit-declaration-of-standard-function-in-c) Implicit declaration of standard function in C   (Retrocomputing Stack Exchange)  (https://retrocomputing.stackexchange.com/questions/31545/what-is-the-origin-of-corruption-in-rom-memories) What is the origin of corruption in ROM memories?   (Science Fiction & Fantasy Stack Exchange)  (https://scifi.stackexchange.com/questions/295889/why-the-title-world-enough-and-time-for-the-doctor-who-episode) Why the title "World Enough and Time" for the Doctor Who episode?   (Movies & TV Stack Exchange)  (https://movies.stackexchange.com/questions/125017/what-language-is-captain-america-speaking-when-talking-to-batroc-in-winter-soldi) What language is Captain America speaking when talking to Batroc in Winter Soldier?   (Puzzling Stack Exchange)  (https://puzzling.stackexchange.com/questions/131301/what-was-the-checkmating-move) What was the checkmating move?   (Physics Stack Exchange)  (https://physics.stackexchange.com/questions/847010/what-is-the-assumption-of-instantaneous-collision-for) What is the assumption of instantaneous collision for?   (Movies & TV Stack Exchange)  (https://movies.stackexchange.com/questions/125022/in-airplane-1980-a-747-crashes-through-a-large-window-where-else-does-this) In "Airplane" (1980) a 747 crashes through a large window. Where else does this effect appear?   (Worldbuilding Stack Exchange)  (https://worldbuilding.stackexchange.com/questions/265751/is-it-possible-the-homo-genus-could-evolve-if-magically-all-of-earths-fossil) Is it possible the homo genus could evolve if, magically, all of earth's fossil fuels had been burned within a 1000 year span?   (TeX - LaTeX Stack Exchange)  (https://tex.stackexchange.com/questions/740359/what-is-causing-this-extra-line-spacing) What is causing this extra line spacing?   (Aviation Stack Exchange)  (https://aviation.stackexchange.com/questions/108337/why-are-compressor-blades-arranged-on-a-drum-and-turbine-blades-are-arranged-o) Why are compressor blades arranged on a "drum" and turbine blades are arranged on "discs"   (Academia Stack Exchange)  (https://academia.stackexchange.com/questions/217712/is-it-normal-that-a-professor-in-a-class-i-am-taking-asks-to-design-a-graduate-c) Is it normal that a professor in a class I am taking asks to design a graduate course in return of 40% of the course grades?   (Bicycles Stack Exchange)  (https://bicycles.stackexchange.com/questions/96490/what-causes-this-level-of-dry-rot) What causes THIS level of dry rot?   (Unix & Linux Stack Exchange)  (https://unix.stackexchange.com/questions/793356/user-permissions-on-shared-files-in-dual-boot-system-windows-linux-unable-to) User permissions on shared files in dual boot system (Windows, Linux): unable to edit shared file on Linux   (Academia Stack Exchange)  (https://academia.stackexchange.com/questions/217773/my-former-university-is-trying-to-have-its-name-removed-from-my-papers-probably) My former university is trying to have its name removed from my papers (probably as revenge for whistleblowing). How to proceed?     (/feeds/question/63195304) (Feed of this question and its answers)   Question feed   Subscribe to RSS  Question feed To subscribe to this RSS feed, copy and paste this URL into your RSS reader.   (https://stackoverflow.com/feeds/question/63195304)            ()       (https://stackoverflow.com)      (https://stackoverflow.com) Stack Overflow  (/questions) Questions  (/help) Help  (https://chat.stackoverflow.com/?tab=site&host=stackoverflow.com) Chat    (https://stackoverflow.co/) Products  (https://stackoverflow.co/teams/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=teams) Teams  (https://stackoverflow.co/advertising/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=advertising) Advertising  (https://stackoverflow.co/advertising/employer-branding/?utm_medium=referral&utm_source=stackoverflow-community&utm_campaign=footer&utm_content=talent) Talent    (https://stackoverflow.co/) Company  (https://stackoverflow.co/) About  (https://stackoverflow.co/company/press/) Press  (https://stackoverflow.co/company/work-here/) Work Here  (https://stackoverflow.com/legal) Legal  (https://stackoverflow.com/legal/privacy-policy) Privacy Policy  (https://stackoverflow.com/legal/terms-of-service/public) Terms of Service  (/contact) Contact Us  Your Privacy Choices     (https://stackoverflow.com/legal/cookie-policy) Cookie Policy    (https://stackexchange.com) Stack Exchange Network  (https://stackexchange.com/sites#technology) Technology   (https://stackexchange.com/sites#culturerecreation) Culture & recreation   (https://stackexchange.com/sites#lifearts) Life & arts   (https://stackexchange.com/sites#science) Science   (https://stackexchange.com/sites#professional) Professional   (https://stackexchange.com/sites#business) Business   (https://api.stackexchange.com/) API   (https://data.stackexchange.com/) Data       (https://stackoverflow.blog?blb=1) Blog  (https://www.facebook.com/officialstackoverflow/) Facebook  (https://twitter.com/stackoverflow) Twitter  (https://linkedin.com/company/stack-overflow) LinkedIn  (https://www.instagram.com/thestackoverflow) Instagram   Site design / logo © 2025 Stack Exchange Inc;  user contributions licensed under  (https://stackoverflow.com/help/licensing) CC BY-SA .  rev 2025.4.4.24803