Certificate and key formats
Certificates and keys are stored in the files with various formats.
- .pem format
- A privacy-enhanced mail (.pem) format file begins and ends with
the following lines:
-----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
A
.pem
file format supports multiple digital certificates, including a certificate chain. If your organization uses certificate chaining, use this format to create CA certificates. - .arm format
- An
.arm
file contains a base-64 encoded ASCII representation of a certificate, including its public key, not a private key. The.arm
file format is generated and used by the IBM® Key Management utility. - .der format
- A
.der
file contains binary data. You can use a.der
file for a single certificate, unlike a.pem
file, which can contain multiple certificates. - .pfx format (PKCS12)
- A PKCS12 file is a portable file that contains a certificate and a corresponding private key. Use this format to convert from one type of SSL implementation to another. For example, you can create and export a PKCS12 file with the IBM Key Management utility. You can then import the file to another workstation with the certTool utility.