PEM file format
The file format used for sending and storing certificates is the de facto standard PEM format. This format is designed to be safe for inclusion in both ASCII and rich-text documents, such as emails. This means that it is possible to copy and paste the content of a PEM file to another document and back.
The PEM format is the standard format for OpenSSL and many other SSL tools. Some sources refer to the format as Base64 encoded X.509.
The PEM format defines 3 elements:
1. A one-line header, consisting of "-----BEGIN", a label, and "-----".
2. Base64 encoded binary data.
3. A one-line footer, consisting of "-----END", a label, and "-----".
The label determines the type of message encoded. Common labels include "CERTIFICATE" and "PRIVATE KEY".
For example, a certificate would be stored as:
-----BEGIN CERTIFICATE-----
Multiple messages
A PEM file may contain multiple messages, which is used among other things to provide a certificate chain or to combine the certificate and the private key in a single file. To make a PEM file with a valid certificate chain, each certificate in the file must be followed by a certificate that certifies it until the root certificate is reached (see the certificate_list in RFC 4346, section 7.4.2).
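The following parser is an added example, not part of the original page or of any tool it mentions. It splits a PEM file into its messages using the three elements described above and reports which messages carry a private key, which is worth knowing before a combined file is copied or shared. The names parse_pem and private_key_labels are hypothetical, the sample payloads are constructed placeholder bytes, and checking chain order is out of scope because it requires parsing the X.509 data itself.

```python
import base64
import binascii
import re

# Header: "-----BEGIN", a label, "-----"; footer: "-----END", a label, "-----".
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$")
_END = re.compile(r"^-----END ([A-Z0-9 ]+)-----$")


def parse_pem(text):
    """Return a list of (label, decoded_bytes) for every message in text."""
    messages, label, body = [], None, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        begin, end = _BEGIN.match(line), _END.match(line)
        if begin:
            if label is not None:
                raise ValueError(f"line {number}: BEGIN inside {label!r} message")
            label, body = begin.group(1), []
        elif end:
            if end.group(1) != label:
                raise ValueError(f"line {number}: footer does not match header")
            try:
                data = base64.b64decode("".join(body), validate=True)
            except binascii.Error as exc:
                raise ValueError(f"line {number}: invalid Base64 in {label}") from exc
            messages.append((label, data))
            label = None
        elif label is not None:
            body.append(line)
        # Lines outside a BEGIN/END pair are ignored (a choice made by this example).
    if label is not None:
        raise ValueError(f"missing footer for {label!r} message")
    return messages


def private_key_labels(messages):
    """Labels of messages holding private keys, e.g. in a combined cert+key file."""
    return [label for label, _ in messages if label.endswith("PRIVATE KEY")]


def _wrap(label, payload):
    b64 = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# Constructed sample: the payloads are placeholder bytes, not real DER data.
SAMPLE = (_wrap("CERTIFICATE", b"constructed leaf")
          + _wrap("CERTIFICATE", b"constructed issuer")
          + _wrap("PRIVATE KEY", b"constructed key"))
```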