Certificate File Formats

Applies To: Windows Server 2008

The type of certificate file formats you use can be based on a combination of security and compatibility concerns. In this version of Windows, you can import and export certificates in the following formats:

• Personal Information Exchange (PKCS #12)

  The Personal Information Exchange format (PFX, also called PKCS #12) enables the transfer of certificates and their corresponding private keys from one computer to another or from a computer to removable media.

  Because exporting a private key might expose it to unintended parties, the PKCS #12 format is the only format supported in this version of Windows for exporting a certificate and its associated private key.

• Cryptographic Message Syntax Standard (PKCS #7)

  The PKCS #7 format enables the transfer of a certificate and all the certificates in its certification path from one computer to another, or from a computer to removable media

• DER Encoded Binary X.509

  DER (Distinguished Encoding Rules) for ASN.1, as defined in ITU-T Recommendation X.509, might be used by certification authorities that are not on computers running Windows Server 2003, so it is supported for interoperability. DER certificate files use the .cer extension.

• Base64 Encoded X.509

  This is an encoding method developed for use with Secure/Multipurpose Internet Mail Extensions (S/MIME), which is a popular, standard method for transferring binary attachments over the Internet.

  Because all MIME-compliant clients can decode Base64 files, this format might be used by certification authorities that are not on computers running Windows Server 2003, so it is supported for interoperability. Base64 certificate files use the .cer extension.

Additional resources

• Import a Certificate

• Export a Certificate

• Export a Certificate with the Private Key

• View the Certificates in a PKCS #7 file