Get your FREE copy of "The Ultimate Guide of SSL"

Download Ebook

CER vs. CRT – What’s the Technical Difference & How to Convert Them

An Insight Into the Difference Between SSL/TLS Certificate File Difference

SSL/TLS certificate is not an option. If you’re a website owner, then it’s a must, and if you fail to install SSL/TLS certificate into your website, then getting Not Secure warning message won’t be something that you can avoid.

But when it comes to SSL/TLS certificate along with which one to purchase, there are many other questions, and one among them is different file formats. Yes, you bought the certificate. Now, what. What to do with different file formats that you often come across.

Don’t worry if you’ve ever come across various file formats of SSL/TLS certificates such as CER, CRT, P7S, P7B, PEM, PFX, and P12. If you’re the first-timer, you won’t be able to understand how come these file formats be helpful to you, how you’ll be able to use every single one of it. You might be thinking, does it even make sense, you want to install one certificate, and all you’re getting is these many files.

Usually, to the first-timers, it happens most of the time. They often get confused about what all these are and what to do about it. And, I can bet on it, you also might be having such questions if you’ve encountered any of the files like we’re going to discuss here, CER and CRT. If you’re among those who landed on this article to know the difference between CER and CRT, then yes, you’re at the right place, we’re going to discuss just that.

cer vs cet

CER vs. CRT – How They Differ From Each Other

Generally, CER and CRT are related to SSL/TLS certificate, so there’s not much difference between the two, and both are to the same SSL/TLS certificate. However, they differ in filename extensions – the significant difference. It’s crucial because many servers require your SSL/TLS certificate to be in a specific file format, and they can be either from these different file extensions.

Also, these extensions are used for SSL/TLS certificates, and each is recorded in ASCII PEM or Binary DER formats. CER & CRT both extensions are commonly used among the Unix operating systems.

Format of X.509 Certificate Filename Extensions

From a technical point of view, SSL/TLS certificate formats are one type of X.509 certificate family, even though they’ve different filename formats and extensions. The common ones are:
  • .der, .cer and .crt – It’s generally in Binary DER format, and Base64-encoded certificates are also quite common among them like below one.
  • .pem – It’s an abbreviation of (Privacy-enhanced Electronic Mail) Base64 encoded DER certificate is enclosed between the lines “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–“
  • .p7c and .p7b – PKCS#7 SignedData structure without data. In other words, simply certificate(s) or CRL(s).
  • .p12 – a PKCS#12 file format that may contain the certificate(s) along with public or private keys. Its password protected.
  • .pfx – PFX is the file format that came before PKCS#12. It usually comes with the data in PKCS#12 format, for example, PFX files generated within IIS.

Here’s Why You Must Know How to Convert a Certificate to Another Format

Before we move further into converting a certificate to another correct format, let’s first understand what does it even mean. Different server types are available, and sadly they accept certificate files that are formatted and encoded in a certain manner. For instance, if you’re looking to install an SSL/TLS certificate on your server, you must know which format and extension it accepts. However, there’s good news too. Some servers do accept SSL/TLS certificates in more than one file formats and extensions.

You might be questioning, as mentioned earlier, aren’t they all X.509 certificates. Well, yes. But, the X.509 certificate is one type of digital certificate that makes use of the PKI standard (X.509 v3) for validating that the server is the rightful owner of that associated public key. When you see extensions such as:

  • .der
  • .pem
  • .cer
  • .crt
  • .pfx
  • .pkcs7
  • .p7b
  • .pkcs8
  • .pkcs12
  • .p12
Those who aren’t aware of how SSL/TLS certificate is encoded and presented – Encoding means, coding of data into the format so another system can make use of it. On the other way around, it’s a coding of data so that it can be read and used by another computer.

Also, the most common way of encoding standards is ASCII (American Standard Code for Information Interchange), which is used as an encoding system for files containing text.

Here’s Some of the Used Encoded Style

Commonly used encoding formats are – der (Distinguished Encoding Rules) and pem (Privacy Enhanced Mail).

.der – It’s a binary encoding format, which is viewed as certificate files by Windows. It exports certificates as .der format files along with an extension like .cer or .crt encoding format. It’s viewed as certificate files by Windows, and it exports as .der formatted files along with an extension like .cer or .crt.

.pem – It’s quite amusing to see that PEM couldn’t keep up with the function for which it was designed for. However, it proves helpful as a container format. PEM files are Base64 encoded DER files.

If you’re not able to get it, let’s dig it a little further. A DER file is one type of X.509 digital certificate that encodes binary numbers – 1’s and 0’s. And, Base64 is an encoding scheme of binary-to-text. And PEM file is also a Base64 encoded DER file, which is the same as the X.509 certificate, but its encoded in text and represented as ASCII.

Furthermore, these DER files are not often used outside of Windows. But again, another PEM is a type of container which is for anything, including a digital certificate itself. Also, the entire certificate chain and the keypair. However, .PEM extensions are not recognized all the time by browsers, so many times, you get to see another extension affixed to the end of a PEM or DER files, which are .crt, .cert and .cer.

So, whenever anyone talks about converting that certificate to the correct format, it usually means encoding it or the way of presenting.

Here’s How to Convert Files Extensions CRT to CER

Generally, these two file extensions CRT and CER synonymous. Both are often used interchangeably by only making the difference of the extension. So, if your server requires you to make use of it – .CER file extension, all you need to do is convert it from .CRT extension by merely following the below steps:
  • For opening the certificate, double click on the yourwebsite.crt file.
  • Click on the tab named Display and select the file button Copy.
  • Now in the certificate wizard, click Next.
  • Click on Next after selecting Base-64 encoded X.509 (.CER) file.
  • Locate the certificate file and give the name you want.
  • Lastly, save that file.
Disclosure: AboutSSL appreciates your continuous support. It helps us tremendously to keep moving in the competitive SSL industry. Here most of the links which direct you to buy any SSL/TLS related service or products earns us a certain percentage of referral commission. Learn More