Certificate and key formats

Certificates and keys are stored in the files with various formats.

.pem format

A privacy-enhanced mail (.pem) format file begins and ends with the following lines:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

A .pem file format supports multiple digital certificates, including a certificate chain. If your organization uses certificate chaining, use this format to create CA certificates.

.arm format

An .arm file contains a base-64 encoded ASCII representation of a certificate, including its public key, not a private key. The .arm file format is generated and used by the IBM® Key Management utility.

.der format

A .der file contains binary data. You can use a.der file for a single certificate, unlike a .pem file, which can contain multiple certificates.

.pfx format (PKCS12)

A PKCS12 file is a portable file that contains a certificate and a corresponding private key. Use this format to convert from one type of SSL implementation to another. For example, you can create and export a PKCS12 file with the IBM Key Management utility. You can then import the file to another workstation with the certTool utility.