[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension:v3:en:der":3},{"resolvedFromAlias":4,"canonicalExt":5,"ext":5,"name":6,"category":7,"categoryName":8,"updatedAt":9,"popularity":10,"summary":11,"howToOs":12,"quickAnswer":18,"answerIntro":19,"whatIs":20,"description":21,"furtherReading":22,"openInstructions":41,"commonIssues":54,"securityNotes":73,"faq":77,"aliases":90,"mimeTypes":92,"relatedExtensions":94,"breadcrumbs":140,"categoryAnchor":150,"categoryFuturePath":151,"metaDescription":152,"availableHowToOs":153,"openOnDeviceLinks":154,"cannotOpenReasons":170,"cannotOpenFixes":171,"convertOptions":172,"securityAffiliateMessaging":173,"securityAffiliates":174},false,"der","DER-encoded X.509 Certificate","certificates","Certificates","2026-06-12T09:18:40.304Z",55,".der files most commonly contain binary DER-encoded ASN.1 data, especially X.509 certificates. They are typically opened for inspection or conversion using certificate tools such as OpenSSL.",[13,14,15,16,17],"windows","mac","linux","ios","android","To open .DER files on Windows, install OpenSSL (from a trusted source used in your environment).","To open a .der file, treat it as a binary X.509 certificate and inspect it with OpenSSL (for example, using the x509 command with DER input). If you need it for apps that expect PEM text, convert the DER file to PEM first.",".der commonly refers to Distinguished Encoding Rules (DER), a binary encoding for ASN.1 structures used by X.509 certificates and related PKI objects. X.509 certificates can be stored as DER (binary) or as PEM, which is Base64-encoded DER. Many .der files therefore represent a single X.509 certificate encoded in DER.","DER is a strict binary encoding of ASN.1 data and is widely used in public key infrastructure (PKI). The Internet X.509 PKI certificate profile is specified in RFC 5280 and relies on ASN.1 structures that are commonly encoded using DER.\n\nIn practice, a .der file is often interchangeable (in meaning) with files ending in .cer for certificates, with the key difference being the encoding: .der is typically binary DER, while PEM is a text form that wraps Base64-encoded DER. This is why many tools and guides describe PEM as “Base64-encoded DER” for X.509 objects.\n\nBecause DER is binary, it is not meant to be read in a text editor. Users typically open .der files to inspect certificate fields (subject, issuer, validity, extensions) or to convert them into PEM for use by servers, libraries, or configuration systems that expect PEM input.",[23,26,29,32,35,38],{"title":24,"url":25},"Media Types - IANA (application/pkix-cert)","https://www.iana.org/assignments/media-types/media-types.xhtml",{"title":27,"url":28},"RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile","https://www.rfc-editor.org/info/rfc5280/",{"title":30,"url":31},"OpenSSL Documentation: openssl-x509","https://docs.openssl.org/4.0/man1/openssl-x509/",{"title":33,"url":34},"OpenSSLWiki: DER","https://wiki.openssl.org/index.php/DER",{"title":36,"url":37},"X.509 (Wikipedia)","https://en.wikipedia.org/wiki/X.509",{"title":39,"url":40},"DNSimple Help: Understanding SSL Certificate Files and Formats","https://support.dnsimple.com/articles/ssl-certificate-files-and-formats/",{"windows":42,"macos":45,"linux":48,"ios":50,"android":52},[43,44],"Install OpenSSL (from a trusted source used in your environment).","Open Command Prompt or PowerShell and run: openssl x509 -in yourcert.der -inform DER -text -noout",[46,47],"Open Terminal.","Run: openssl x509 -in yourcert.der -inform DER -text -noout",[49,47],"Open a terminal.",[51],"There is no standard iOS built-in viewer for inspecting DER certificate fields; transfer the file to a desktop and inspect it with OpenSSL.",[53],"There is no standard Android built-in viewer for inspecting DER certificate fields; transfer the file to a desktop and inspect it with OpenSSL.",[55,61,67],{"title":56,"description":57,"steps":58},"OpenSSL says it cannot read the certificate (wrong format)","This often happens when the file is PEM (Base64 text) but you told the tool it is DER, or when the file is not an X.509 certificate at all.",[59,60],"Try reading it as DER explicitly: openssl x509 -in file.der -inform DER -text -noout","If that fails and the file looks like text with BEGIN/END lines, try PEM: openssl x509 -in file.der -inform PEM -text -noout",{"title":62,"description":63,"steps":64},"The system/app expects PEM but you only have DER","Many configurations and libraries accept PEM text files, while .der is binary. PEM is Base64-encoded DER, so you can convert between them.",[65,66],"Convert DER to PEM: openssl x509 -in cert.der -inform DER -out cert.pem -outform PEM","Use the resulting .pem file where the software expects PEM",{"title":68,"description":69,"steps":70},"File extension confusion (.der vs .cer) and certificate import problems","Some environments treat .cer as either DER or PEM depending on content, while .der strongly implies binary DER. Import failures often come from using the wrong encoding for the import tool.",[71,72],"Inspect the file with OpenSSL using the correct input type (DER vs PEM) to confirm what it contains","If needed, convert to PEM or keep as DER depending on what the target importer expects",[74,75,76],".der certificate files typically contain public certificate data, not executable content, but they can still be used in trust decisions; only install/import certificates from sources you trust.","Be cautious about adding a certificate from a .der file to a trusted store: a malicious or incorrectly issued certificate could enable interception or impersonation if trusted.","DER is a binary encoding; prefer well-maintained tooling (such as OpenSSL) to parse it rather than unknown viewers, because malformed ASN.1/DER inputs can trigger parser bugs in some software.",[78,81,84,87],{"question":79,"answer":80},"Is a .der file the same as a .pem file?","They usually represent the same kind of X.509 certificate data, but .der is binary DER encoding, while PEM is Base64-encoded DER in a text format.",{"question":82,"answer":83},"What MIME type is used for DER-encoded X.509 certificates?","A commonly used registered media type for X.509 certificates is application/pkix-cert.",{"question":85,"answer":86},"How do I view the certificate details inside a .der file?","Use OpenSSL: openssl x509 -in file.der -inform DER -text -noout",{"question":88,"answer":89},"Why does my tool say “unable to load certificate” for a .der file?","Most often the tool is trying the wrong encoding (PEM vs DER) or the file is not an X.509 certificate. Verify by reading it with OpenSSL using -inform DER, and if the file is PEM text, use -inform PEM instead.",[91],"cer",[93],"application/pkix-cert",[95,101,107,113,118,123,129,134],{"ext":96,"name":97,"category":7,"categoryName":8,"popularity":98,"summary":99,"howToOs":100},"pfx","Personal Information Exchange (PFX)",78,".pfx is a PKCS #12 (PFX) container used to bundle certificates and (often) the associated private key into a single, typically password-protected file for import/export between systems.",[13,14,15,16,17],{"ext":102,"name":103,"category":7,"categoryName":8,"popularity":104,"summary":105,"howToOs":106},"pem","PEM-encoded Certificate",75,".pem is a text-based container format commonly used to store X.509 certificates, certificate chains, and sometimes private keys in Base64 with BEGIN/END markers. It is widely used by TLS software such as OpenSSL and Apache HTTP Server.",[13,14,15,16,17],{"ext":108,"name":109,"category":7,"categoryName":8,"popularity":110,"summary":111,"howToOs":112},"p12","PKCS#12 Certificate Bundle",65,".p12 is a PKCS #12 (also called PFX) container used to bundle an X.509 certificate chain together with its corresponding private key, typically protected by a password. It’s commonly opened/imported by certificate/key management tools such as Apple Keychain Access and OpenSSL.",[13,14,15,16,17],{"ext":114,"name":115,"category":7,"categoryName":8,"popularity":10,"summary":116,"howToOs":117},"csr","PKCS #10 Certificate Signing Request",".csr files are certificate signing requests used to obtain an X.509 certificate from a certificate authority (CA). They commonly contain a PKCS #10 request encoded as PEM (text) or DER (binary) and can be inspected or generated with OpenSSL.",[13,14,15,16,17],{"ext":119,"name":120,"category":7,"categoryName":8,"popularity":10,"summary":121,"howToOs":122},"p7b","PKCS #7 Certificate Bundle (P7B)",".p7b is a PKCS #7 container most commonly used to bundle X.509 certificates (and sometimes certificate revocation lists) for import or exchange. It typically does not include a private key and is often used in S/MIME and certificate deployment workflows.",[13,14,15,16,17],{"ext":124,"name":125,"category":7,"categoryName":8,"popularity":126,"summary":127,"howToOs":128},"ac","X.509 Attribute Certificate",35,".ac most commonly refers to an X.509 Attribute Certificate (authorization certificate) used in PKIX systems to carry privileges/roles separately from an identity certificate.",[13,14,15,16,17],{"ext":130,"name":131,"category":7,"categoryName":8,"popularity":126,"summary":132,"howToOs":133},"p7s","PKCS #7 / S/MIME Digital Signature (detached signature)",".p7s files are PKCS #7 signature objects most commonly used as detached digital signatures for S/MIME-signed email. You typically open them by verifying the signature in an email client or by inspecting/verifying with OpenSSL.",[13,14,15,16,17],{"ext":135,"name":136,"category":7,"categoryName":8,"popularity":137,"summary":138,"howToOs":139},"p7c","PKCS #7 / CMS certificate container (certs-only SignedData)",25,".p7c is a PKCS #7/CMS container most commonly used to carry X.509 certificates (often a “certs-only”/degenerate SignedData structure). It’s typically opened or inspected with certificate tools or OpenSSL rather than a document viewer.",[13,14,15,16,17],[141,144,147],{"label":142,"to":143},"Home","/",{"label":145,"to":146},"File Extension Index","/file-extension",{"label":148,"to":149},".DER","/file-extension/der","category-certificates","/category/certificates","Learn what .DER files are, how to open them on every platform, common fixes, and security best practices.",[13,14,15,16,17],[155,158,161,164,167],{"os":13,"label":156,"to":157},"Open .DER on Windows","/how-to/open-der-on-windows",{"os":14,"label":159,"to":160},"Open .DER on Mac","/how-to/open-der-on-mac",{"os":15,"label":162,"to":163},"Open .DER on Linux","/how-to/open-der-on-linux",{"os":16,"label":165,"to":166},"Open .DER on iOS","/how-to/open-der-on-ios",{"os":17,"label":168,"to":169},"Open .DER on Android","/how-to/open-der-on-android",[56,62,68],[59,60],[],"untrusted_source",[175,179],{"name":176,"description":177,"affiliateUrl":178},"Avast","Avast offers free and premium antivirus software that protects against viruses, malware, ransomware, and phishing. Scan files before opening them to ensure safety.","https://www.avast.com/lp-aff-consumer-store?expid=inf601",{"name":180,"description":181,"affiliateUrl":182},"Norton","Norton 360 delivers comprehensive antivirus protection, VPN, and identity theft monitoring. Scan files for threats before opening to keep your device secure.","http://buy.norton.com/aff_home?utm_campaign=en-ww_nor_n36_aff_nas_nau_nah_cj_nad_low:_sec_nat_mktc_norton_360"]