PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
PKI Certificate in DER Format
This section describes the DER (Distinguished Encoding Rules) file format to store PKI certificates.
Since the PKI certificate structure is defined in ASN.1 notations, it is very natural to save a PKI certificate object in DER (Distinguished Encoding Rules) encoding as a binary file. BER (Basic Encoding Rules) encoding is not used, because it may result non-unique outputs.
Here is a certificate file in DER format printed out in Hex digits:
3082021B 308201A1 A0030201 02021041 D29DD172 EAEEA780 C12C6CE9 2F875230 0A06082A 8648CE3D 04030330 4F310B30 09060355 04061302 55533129 30270603 55040A13 20496E74 65726E65 74205365 63757269 74792052 65736561 72636820 47726F75 70311530 13060355 0403130C 49535247 20526F6F 74205832 301E170D 32303039 30343030 30303030 5A170D34 30303931 37313630 3030305A 304F310B 30090603 55040613 02555331 29302706 0355040A 1320496E 7465726E 65742053 65637572 69747920 52657365 61726368 2047726F 75703115 30130603 55040313 0C495352 4720526F 6F742058 32307630 1006072A 8648CE3D 02010605 2B810400 22036200 04CD9BD5 9F80830A EC094AF3 164A3E5C CF77ACDE 67050D1D 07B6DC16 FB5A8B14 DBE27160 C4BA4595 11898EEA 06DFF72A 161CA4B9 C5C532E0 03E01E82 18388BD7 45D80A6A 6EE60077 FB02517D 22D80A6E 9A5B77DF F0FA41EC 39DC75CA 68070C1F EAA34230 40300E06 03551D0F 0101FF04 04030201 06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 147C4296 AEDE4B48 3BFA92F8 9E8CCF6D 8BA97237 95300A06 082A8648 CE3D0403 03036800 30650230 7B794E46 5084C244 87461B45 70FF5899 DEF4FDA4 D255A620 2D74D634 BC41A350 5F012756 B4BE2775 06AF122E 75988DFC 0231008B F5776CD4 C865AAE0 0B2CEE14 9D2737A4 F953A551 E42983D7 F890315B 429F0AF5 FEAE0068 E78C490F B66F5B5B 15F2E7
Here is what we should know about a certificate file in DER format.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of PKI Certificate
What Is ASN.1 (Abstract Syntax Notation One)
What Is BER (Basic Encoding Rules)
ASN.1 Type Modifier - Type Tagging
What Is DER (Distinguished Encoding Rules)
PKI Certificate Structure in ASN.1 Notations
►PKI Certificate in DER Format
PKI Certificate in Base64 Format
PKI Certificate File Viewer and Decoder
PKI Certificate File ASN.1 Parser
Certificate Wrapped in PKCS7 Formats
Certificate Wrapped in PKCS12 Formats
Certificate File Format Summary
OpenSSL - Cryptography Toolkit
"openssl ca" - CA (Certificate Authority) Tool
Java "keytool" Commands and KeyStore Files
PKCS12 Certificate Bundle File