[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension:v3:en:p7b":3},{"resolvedFromAlias":4,"canonicalExt":5,"ext":5,"name":6,"category":7,"categoryName":8,"updatedAt":9,"popularity":10,"summary":11,"howToOs":12,"quickAnswer":18,"answerIntro":19,"whatIs":20,"description":21,"furtherReading":22,"openInstructions":38,"commonIssues":52,"securityNotes":71,"faq":75,"aliases":88,"mimeTypes":90,"relatedExtensions":92,"breadcrumbs":137,"categoryAnchor":147,"categoryFuturePath":148,"metaDescription":149,"availableHowToOs":150,"openOnDeviceLinks":151,"cannotOpenReasons":167,"cannotOpenFixes":168,"convertOptions":169,"securityAffiliateMessaging":170,"securityAffiliates":171},false,"p7b","PKCS #7 Certificate Bundle (P7B)","certificates","Certificates","2026-06-12T09:19:23.091Z",55,".p7b is a PKCS #7 container most commonly used to bundle X.509 certificates (and sometimes certificate revocation lists) for import or exchange. It typically does not include a private key and is often used in S/MIME and certificate deployment workflows.",[13,14,15,16,17],"windows","mac","linux","ios","android","To open .P7B files on Windows, to import/view in the certificate store: open a Microsoft Management Console (MMC) snap-in for Certificates and use the import action, selecting the .p7b file.","To open a .p7b file, use a certificate tool/viewer such as Windows Certificate Manager (import) or command-line tools like OpenSSL or Microsoft certutil to inspect or convert it. A .p7b is usually a certificate chain/bundle, not a document you “read.”",".p7b commonly contains PKCS #7 (Cryptographic Message Syntax) structures, frequently a “degenerate” SignedData that carries certificates and possibly CRLs without actual signed content. The certificates inside are typically X.509. PKCS #7/CMS content is also carried under the S/MIME media type application/pkcs7-mime.","PKCS #7 defines a set of cryptographic message/container structures used to carry signed and/or encrypted data, and it is widely used for exchanging certificate-related objects. In practice, the .p7b extension is commonly used for a certificate bundle: one or more X.509 certificates and optionally CRLs, packaged together for distribution or installation.\n\nBecause a P7B usually contains certificates rather than a private key, it is often used to share an end-entity certificate together with intermediate CA certificates (a “chain”). This makes it convenient for importing into certificate stores or configuring servers/clients that need the full chain.\n\nPKCS #7/CMS content is also central to S/MIME, where the media type application/pkcs7-mime is used to transport these objects. Tools like OpenSSL can parse and convert PKCS #7 objects, and Windows environments commonly handle PKCS #7 bundles via built-in certificate services tooling such as certutil.",[23,26,29,32,35],{"title":24,"url":25},"IANA Media Types Registry (includes application/pkcs7-mime)","https://www.iana.org/assignments/media-types/media-types.xhtml",{"title":27,"url":28},"RFC 8551: S/MIME Version 4.0 Message Specification (media types including application/pkcs7-mime)","https://www.rfc-editor.org/info/rfc8551/",{"title":30,"url":31},"OpenSSL pkcs7(1ssl) manual (reading/writing PKCS#7 objects)","https://manpages.debian.org/unstable/openssl/openssl-pkcs7.1ssl.en.html",{"title":33,"url":34},"Microsoft Learn: certutil command (works with PKCS #7 formatted certificate files)","https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/certutil",{"title":36,"url":37},"Wikipedia: PKCS 7 (typical uses and tooling such as OpenSSL)","https://en.wikipedia.org/wiki/PKCS_7",{"windows":39,"macos":42,"linux":45,"ios":48,"android":50},[40,41],"To import/view in the certificate store: open a Microsoft Management Console (MMC) snap-in for Certificates and use the import action, selecting the .p7b file.","To inspect from the command line: run certutil against the file (for example, use certutil to dump/display certificate information from PKCS #7 formatted files).",[43,44],"If you only need to inspect/convert: use OpenSSL on the command line to parse the PKCS #7 object (for example, with the OpenSSL pkcs7 command).","If you need to install it, import the contained certificates into your keychain using a certificate-management workflow after converting/extracting certificates as needed with OpenSSL.",[46,47],"Inspect or convert using OpenSSL: use the OpenSSL pkcs7 command to read the .p7b and output the included certificates (for example, to PEM).","After extracting certificates, install them using your distribution’s certificate trust/store mechanism as appropriate for your use case.",[49],"iOS does not provide a general-purpose PKCS #7 bundle viewer; if you need to inspect or extract certificates, transfer the .p7b to a desktop system and use OpenSSL or Windows certificate tools.",[51],"Android does not typically include tools to inspect PKCS #7 bundles; transfer the .p7b to a desktop and use OpenSSL or Windows certificate tools to view/extract certificates.",[53,59,65],{"title":54,"description":55,"steps":56},"Expecting a private key (but .p7b usually does not contain one)","A .p7b certificate bundle commonly contains X.509 certificates and possibly CRLs, but not the private key needed for many server TLS/identity setups.",[57,58],"Confirm what you have: treat .p7b as a certificate/chain container, not a key store.","If you need a private key, obtain it from the original key generation process (it will be in a separate key file or another container such as a different certificate package), then use the certificate from the .p7b to match it.",{"title":60,"description":61,"steps":62},"Wrong encoding or tool mismatch (DER vs PEM, or “can’t parse” errors)","PKCS #7 objects can be encoded in DER or PEM; some tools expect one encoding and fail on the other.",[63,64],"Use OpenSSL’s pkcs7 tooling to explicitly read and output in the desired format (for example, convert/extract certificates to PEM).","If on Windows, use certutil to dump/display and verify the object is recognized as PKCS #7 before attempting import elsewhere.",{"title":66,"description":67,"steps":68},"Import succeeds but chain is incomplete or untrusted","A .p7b may not contain the full chain you need (missing intermediate CA certificates), or the trust anchor (root CA) is not trusted on the target system.",[69,70],"Inspect the bundle and verify it includes the needed intermediate certificates (use OpenSSL pkcs7 output or certutil display).","Install or add missing intermediate/root certificates according to your organization’s trust policy, then re-check the chain.",[72,73,74],".p7b files are commonly used to distribute X.509 certificates and may influence what your system trusts; only import certificates from sources you intend to trust.","Although .p7b typically does not contain private keys, importing an unexpected CA certificate can enable man-in-the-middle style interception within environments that trust that CA.","PKCS #7/CMS is also used for signed/encrypted messaging (S/MIME); treat certificate bundles attached to email/messages as potentially untrusted until verified.",[76,79,82,85],{"question":77,"answer":78},"What is inside a .p7b file?","Most commonly: one or more X.509 certificates (often a certificate chain) and sometimes certificate revocation lists (CRLs) packaged as a PKCS #7/CMS object.",{"question":80,"answer":81},"Is a .p7b the same as a certificate (.cer/.crt)?","Not exactly. A .cer/.crt is usually a single X.509 certificate, while .p7b commonly bundles multiple certificates (and possibly CRLs) in a PKCS #7 container.",{"question":83,"answer":84},"How can I extract the certificates from a .p7b?","Use OpenSSL’s PKCS #7 support (the openssl pkcs7 command) to output the included certificates (commonly to PEM). On Windows, certutil can also display and work with PKCS #7 formatted certificate files.",{"question":86,"answer":87},"What MIME type is associated with PKCS #7/CMS content used for .p7b-like files?","The IANA-registered S/MIME-related media type is application/pkcs7-mime.",[89],"p7c",[91],"application/pkcs7-mime",[93,99,105,111,116,121,127,132],{"ext":94,"name":95,"category":7,"categoryName":8,"popularity":96,"summary":97,"howToOs":98},"pfx","Personal Information Exchange (PFX)",78,".pfx is a PKCS #12 (PFX) container used to bundle certificates and (often) the associated private key into a single, typically password-protected file for import/export between systems.",[13,14,15,16,17],{"ext":100,"name":101,"category":7,"categoryName":8,"popularity":102,"summary":103,"howToOs":104},"pem","PEM-encoded Certificate",75,".pem is a text-based container format commonly used to store X.509 certificates, certificate chains, and sometimes private keys in Base64 with BEGIN/END markers. It is widely used by TLS software such as OpenSSL and Apache HTTP Server.",[13,14,15,16,17],{"ext":106,"name":107,"category":7,"categoryName":8,"popularity":108,"summary":109,"howToOs":110},"p12","PKCS#12 Certificate Bundle",65,".p12 is a PKCS #12 (also called PFX) container used to bundle an X.509 certificate chain together with its corresponding private key, typically protected by a password. It’s commonly opened/imported by certificate/key management tools such as Apple Keychain Access and OpenSSL.",[13,14,15,16,17],{"ext":112,"name":113,"category":7,"categoryName":8,"popularity":10,"summary":114,"howToOs":115},"csr","PKCS #10 Certificate Signing Request",".csr files are certificate signing requests used to obtain an X.509 certificate from a certificate authority (CA). They commonly contain a PKCS #10 request encoded as PEM (text) or DER (binary) and can be inspected or generated with OpenSSL.",[13,14,15,16,17],{"ext":117,"name":118,"category":7,"categoryName":8,"popularity":10,"summary":119,"howToOs":120},"der","DER-encoded X.509 Certificate",".der files most commonly contain binary DER-encoded ASN.1 data, especially X.509 certificates. They are typically opened for inspection or conversion using certificate tools such as OpenSSL.",[13,14,15,16,17],{"ext":122,"name":123,"category":7,"categoryName":8,"popularity":124,"summary":125,"howToOs":126},"ac","X.509 Attribute Certificate",35,".ac most commonly refers to an X.509 Attribute Certificate (authorization certificate) used in PKIX systems to carry privileges/roles separately from an identity certificate.",[13,14,15,16,17],{"ext":128,"name":129,"category":7,"categoryName":8,"popularity":124,"summary":130,"howToOs":131},"p7s","PKCS #7 / S/MIME Digital Signature (detached signature)",".p7s files are PKCS #7 signature objects most commonly used as detached digital signatures for S/MIME-signed email. You typically open them by verifying the signature in an email client or by inspecting/verifying with OpenSSL.",[13,14,15,16,17],{"ext":89,"name":133,"category":7,"categoryName":8,"popularity":134,"summary":135,"howToOs":136},"PKCS #7 / CMS certificate container (certs-only SignedData)",25,".p7c is a PKCS #7/CMS container most commonly used to carry X.509 certificates (often a “certs-only”/degenerate SignedData structure). It’s typically opened or inspected with certificate tools or OpenSSL rather than a document viewer.",[13,14,15,16,17],[138,141,144],{"label":139,"to":140},"Home","/",{"label":142,"to":143},"File Extension Index","/file-extension",{"label":145,"to":146},".P7B","/file-extension/p7b","category-certificates","/category/certificates","Learn what .P7B files are, how to open them on every platform, common fixes, and security best practices.",[13,14,15,16,17],[152,155,158,161,164],{"os":13,"label":153,"to":154},"Open .P7B on Windows","/how-to/open-p7b-on-windows",{"os":14,"label":156,"to":157},"Open .P7B on Mac","/how-to/open-p7b-on-mac",{"os":15,"label":159,"to":160},"Open .P7B on Linux","/how-to/open-p7b-on-linux",{"os":16,"label":162,"to":163},"Open .P7B on iOS","/how-to/open-p7b-on-ios",{"os":17,"label":165,"to":166},"Open .P7B on Android","/how-to/open-p7b-on-android",[54,60,66],[57,58],[],"untrusted_source",[172,176],{"name":173,"description":174,"affiliateUrl":175},"Avast","Avast offers free and premium antivirus software that protects against viruses, malware, ransomware, and phishing. Scan files before opening them to ensure safety.","https://www.avast.com/lp-aff-consumer-store?expid=inf601",{"name":177,"description":178,"affiliateUrl":179},"Norton","Norton 360 delivers comprehensive antivirus protection, VPN, and identity theft monitoring. Scan files for threats before opening to keep your device secure.","http://buy.norton.com/aff_home?utm_campaign=en-ww_nor_n36_aff_nas_nau_nah_cj_nad_low:_sec_nat_mktc_norton_360"]