When dealing with SSL certificates, you’ll come across different certificate extensions. A file extension is a designation at the end of a file. For example, a certificate named “yourdomain.crt” has a certificate extension of “.crt” The”*” we put in front means that the name before the period could be anything. It’s only what is after the period that matters for identification of extension type. 

Below is a list of certificate extensions:

*.CSR – Certificate Signing Request – a block of encoded text with your contact data you must generate and submit to the CA during the SSL ordering process.

*CER or *CRT – Base64-encoded X.509 Certificate – stores a single certificate. This format does not support the storage of private keys.

*.PFX or *.P12 – Personal Information Exchange Format – stores private and public keys and all certificates in the path. Used to export a certificate and retain full private key functionality.

*.DER – DER-encoded binary X.509 Certificate – stores a single certificate. This format does not support the storage of private keys.

*.P7B or *.P7R or *.SPCCryptographic Message Syntax Standard – storage of all certificates in the path and does not store private keys.

*PEM – Privacy-Enhanced Mail – concatenated (combined) certificate containers frequently used in certificate installations when multiple certificates that form a complete chain are being imported as a single file.

*.CRL – Certificate Revocation List – designates a certificate that has been revoked.

Learn more about certificate formats and conversion tools with our detailed guide.