Open-The-File.com

Find how to open any file type

.CER file extension

To open .CER files on Windows, double-click the .cer file to open it in the Windows certificate viewer and review the Subject, Issuer, validity dates, and fingerprints.

To open a .CER file, treat it as an X.509 certificate: on Windows or macOS you can usually double-click it to view details, or import it into the system keychain/certificate store. On Linux, use OpenSSL to inspect it and convert between DER and PEM if needed.

HomeExtension IndexCertificates in indexCertificates category page

Last updated: April 29, 2026 · Reviewed by Julian Stricker

Open on your device

Choose your operating system for a dedicated step-by-step opening guide.

How to open .CER files

Use these platform-specific instructions to open .CER files safely.

Windows

  1. Double-click the .cer file to open it in the Windows certificate viewer and review the Subject, Issuer, validity dates, and fingerprints.
  2. If you need to install it, use the viewer’s install/import option and choose the correct certificate store (for example, Current User vs. Local Machine).
  3. If it won’t open, inspect it with OpenSSL (see Linux steps) to determine whether it is DER or PEM and convert if necessary.
Full Windows guide

Mac

  1. Double-click the .cer file to open it in Keychain Access (or import via Keychain Access) and view certificate details.
  2. Choose the appropriate keychain (for example, login or System) when importing if you intend to trust it system-wide.
  3. If the file fails to import, use OpenSSL to detect whether it is DER or PEM and convert it before importing.
Full Mac guide

Linux

  1. Use OpenSSL to view certificate details: run "openssl x509 -in file.cer -text -noout" (add "-inform DER" if it is DER-encoded).
  2. If you need PEM output, convert with OpenSSL: "openssl x509 -in file.cer -inform DER -out file.pem -outform PEM" (or omit -inform DER if the input is already PEM).
  3. If you need to install it for system trust, use your distribution’s trust store tooling (after confirming it is a CA certificate and intended for trust).
Full Linux guide

iOS

  1. Open the .cer file in the Files app to start the certificate installation flow (if offered), then review and install only if you explicitly trust the certificate’s source and purpose.
  2. If iOS does not offer an install flow or you only need to inspect details, transfer the file to a desktop and open it with the system certificate viewer or OpenSSL.
Full iOS guide

Android

  1. Android support varies by version/device; if the system does not let you view/import it from a file manager, transfer the .cer to a desktop and inspect it with the OS certificate viewer or OpenSSL.
  2. If you are installing it for Wi‑Fi/VPN or user credential use, use the device’s certificate install feature (often under Security) only when you understand why it is required.
Full Android guide

Security notes

  • A .CER file is typically a certificate (public information), but importing it into your trust store can change what your device considers “trusted.” Only install certificates when you fully understand who issued them and why you need them.
  • Before trusting a certificate, verify key details (Subject/Issuer, validity dates, and fingerprint) using a built-in certificate viewer or OpenSSL’s x509 tool, especially if the file came via email or chat.
  • Be cautious with “root” or “CA” certificates: trusting a malicious CA can enable interception of TLS/HTTPS traffic. Treat requests to install a new trusted root as high risk unless it is from a legitimate administrator and you can verify it independently.

Recommended antivirus software

Scan files before opening them. These antivirus tools help protect against malware and viruses.

Avast

Avast offers free and premium antivirus software that protects against viruses, malware, ransomware, and phishing. Scan files before opening them to ensure safety.

Norton

Norton 360 delivers comprehensive antivirus protection, VPN, and identity theft monitoring. Scan files for threats before opening to keep your device secure.

We may earn a commission when you use affiliate links. This supports our free file extension guides.

Can't open this file?

These are the most common causes and fixes when .CER files fail to open.

Common reasons

  • The .CER file won’t open or import
  • It imports, but the certificate is not trusted / shows warnings
  • The certificate is expired or not yet valid
  • You expected a private key, but the .CER has only a public certificate

Fix steps

  1. Check whether the file is PEM (it often contains a header like "BEGIN CERTIFICATE") or DER (binary).
  2. Use OpenSSL to test and display it: "openssl x509 -in file.cer -text -noout" and retry with "-inform DER" if needed.
  3. If necessary, convert to the expected form using OpenSSL and then try importing again.

OS-specific troubleshooting

What is a .CER file?

.CER most commonly stores an X.509/PKIX certificate, often encoded as ASN.1 DER (binary) or Base64-encoded PEM. The related IANA media type for such certificates is application/pkix-cert (registered by PKIX; see RFC 2585). These certificates are defined by the Internet X.509 Public Key Infrastructure profile (RFC 5280).

Background

X.509 certificates are widely used in PKI (public key infrastructure) to bind a public key to an identity (such as a domain name, organization, or individual) using digital signatures. In practice, certificate files are often distributed with extensions like .cer, .crt, or .der, and may be either DER (binary) or Base64-encoded forms.

Common MIME types: application/pkix-cert

Further reading

Authoritative resources for more details on the .CER format.

Common .CER issues

The .CER file won’t open or import

A common cause is a mismatch between the file’s actual encoding (DER vs. PEM/Base64) and what the viewer/importer expects, or the file is not a certificate at all.

  1. Check whether the file is PEM (it often contains a header like "BEGIN CERTIFICATE") or DER (binary).
  2. Use OpenSSL to test and display it: "openssl x509 -in file.cer -text -noout" and retry with "-inform DER" if needed.
  3. If necessary, convert to the expected form using OpenSSL and then try importing again.

It imports, but the certificate is not trusted / shows warnings

Trust depends on whether the certificate chains to a trusted CA and whether it is appropriate to add to a trust store (for example, end-entity certificates should not usually be added as trusted roots).

  1. Verify the Issuer and whether the certificate chains to a known, trusted CA; review fingerprints and validity dates before trusting it.
  2. Do not add an end-entity certificate as a trusted root; only install CA certificates when you have an explicit, verified reason.
  3. If you are missing intermediate certificates, obtain them from the legitimate administrator/provider and install as instructed.

The certificate is expired or not yet valid

X.509 certificates have validity periods; an expired or not-yet-valid certificate will be rejected by many systems and applications.

  1. Check the Not Before/Not After fields in the certificate viewer or via OpenSSL output.
  2. Request or download an updated certificate from the legitimate issuer/administrator.
  3. Confirm your device clock is correct before diagnosing further.

You expected a private key, but the .CER has only a public certificate

.CER commonly contains only the public certificate. Private keys are typically stored separately (often in other formats) and should not be shared.

  1. If you need to deploy a certificate plus private key, obtain it through the correct secure process (do not ask for or email private keys).
  2. Use OpenSSL to confirm content: a certificate will parse with "openssl x509"; a private key would require key-specific commands and is usually not in a .cer.
  3. If you received a certificate from a service (for example, a platform account portal), follow that platform’s documented install steps.

FAQ

Is a .CER file the same as .CRT or .DER?

They are often used for the same kind of content (X.509 certificates). The difference is frequently the encoding: DER is binary, while many “.cer/.crt” files may be Base64 (PEM) or DER depending on how they were exported.

How can I tell whether my .CER is PEM or DER?

Open it in a text editor: PEM is readable text and typically includes a "BEGIN CERTIFICATE" header; DER will look like binary data. You can also test with OpenSSL and add "-inform DER" if the default fails.

Can a .CER contain a private key?

Typically no—.CER most commonly contains only an X.509 certificate (public key and identity information). Private keys are usually stored and distributed separately and should be protected.

What is the MIME type for .CER certificates?

The IANA-registered media type for X.509/PKIX certificates is application/pkix-cert (see the registration referenced by RFC 2585).

Similar file extensions

Compare related formats in the same category to find the right tool faster.