The PKCS full name is Public-key cryptography standards, a set of standards developed by RSA Labs and other security system developers to promote the development of public key cryptography, and a PKCS currently publishes 15 standards. Commonly used are:
1. Pkcs#7 Cryptographic Message Syntax Standard
2. PKCS#10 Certification Request Standard
3. Pkcs#12 Personal information Exchange Syntax Standard
X.509 is a common generic certificate format. All certificates conform to the ITU-T X509 International standards established for public Key infrastructure (PKI).
1. Pkcs#7 commonly used suffixes are:. p7b. p7c. Spc
2. pkcs#12 commonly used suffixes are:. P12. PFX
3. PKCS#10:. P10 is a certificate request
. der = The extension der is used for binary DER-encoded certificates. These certificates can also be extended with a CER or CRT. The more appropriate term is "I have a DER-encoded certificate" instead of "I have a der Certificate".
. PEM = extension Pem A variety of X.509 v3 certificates for ASCII (BASE64) encoding. The file starts with a line of "-–begin ...".
. CRT = Extension CRT is used for certificates. The certificate can be either der or PEM-encoded. The extension CER is almost synonymous with the CRT. This situation is common in a variety of unix/linux systems.
CER = Microsoft style for CRT certificates. The CRT file can be converted to a CER file using Microsoft Tools (CRT and CER must be the same encoded, der, or Pem). Files with an extension of CER can be identified by IE and invoked as a command to Microsoft's CryptoAPI (specifically Rudll32.exe Cryptext.dll, cyrptextopencer), which then pops up a dialog box to import and/or view the contents of the certificate.
. Key = Extension key is used for PCSK#8 public and private keys. These public and private keys can be either der or PEM-encoded.
CRT files and CER files can be safely substituted for each other only when the same encoding is used.
The suffix of the X.509 PAM encoding (BASE64) is:. Pem. Cer. Crt
PFX/P12 is used to store personal certificates/private keys, he usually contains protection password, 2
. CSR Certificate Request File
JKs (Java key Store): a container for storing keys in Java. can hold n public or private keys at the same time, suffixes are generally. jks or. KeyStore or. Truststore, etc.Strange. No matter what the suffix is, it's a container, and companies or organizations call it different. For example, a container containing only "trusted public key" is stored as a. truststore file. Use the Jdk\bin directory of Keytool.exe to view, import, export, delete, modify passwords and other operations. You can add a password to the JKS container and enter it correctly to manipulate the key in this container.
PFX: The same features as JKS but different file formats, PFX is commonly used in Windows and browsers. You can use some tools to convert a PFX to a JKS format for use by Java programs (such as a bank offering only a PFX, but we want to use httpclient to simulate the automatic access of the browser). It is said that IE exported PFX format is not standard, conversion jks often error, you can try to import and export Netscape Navigator, and then converted. I've had a situation like this.
PKCS#12 is the public key encryption standard, which stipulates that all private keys, public keys, and certificates can be included. It is stored in binary format, also known as a PFX file, that can be imported directly into the key area in Windows, noting that pkcs#12 's KeyStore protection password is also used to protect key.
Key and CRT-> jks:http://baike.soso.com/h481267.htm?sp=l521305
1. OpenSSL pkcs12-export-export-chain-cafile gd_bundle.crt-in server.crt-inkey server.key-out server.p12-name "se RVer "
2. Keytool-rfc-list-keystore Server.p12-storetype PKCS12
3. Keytool-importkeystore-v-srckeystore server.p12-srcstoretype pkcs12-srcstorepass changeit-destkeystore server.ke Ystore-deststoretype Jks-deststorepass Changeit
4. Keytool-list-keystore Server.keystore
The method of adding GoDaddy's SSL domain name certificate in JBoss: http://heylinux.com/archives/1334.html