CER Format - Certificate File

What is CER?

CER files are X.509 certificates - identical content to CRT, just different extension. Contains public key, subject information, issuer (Certificate Authority), validity dates, and digital signature. CER is Microsoft's preferred extension (Windows Certificate Manager uses .cer). Can be encoded as: DER format (binary, preferred by Windows) or PEM format (Base64 ASCII text). Double-clicking .cer on Windows opens Certificate Import Wizard. Used interchangeably with .crt on many systems.

CER files are prevalent in Windows environments - Active Directory Certificate Services (AD CS), IIS web servers, Windows certificate stores. Export certificates from Windows as .cer (DER or Base64). Used for: SSL/TLS (HTTPS), code signing (Authenticode for .exe/.dll), email encryption (S/MIME), document signing, VPN authentication. CER vs CRT distinction is mostly conventional: Unix/Linux prefers .crt (PEM), Windows prefers .cer (DER or PEM). Both are X.509 certificates - functionally equivalent. Certificate Authorities issue both extensions interchangeably.

Did you know? CER and CRT are the same format - just different file extensions!

History

CER emerged as Microsoft's preferred extension for X.509 certificates in Windows environments, becoming standard for Windows certificate management.

Key Milestones

1988: X.509 standard established
1995: Windows certificate stores
2000: IIS SSL certificate support
2006: Code signing (Authenticode)
2010s: Enterprise PKI adoption
Present: Universal Windows standard

Key Features

Core Capabilities

Windows Integration: Native support
DER/PEM Encoding: Binary or text
Certificate Store: Import/export
Code Signing: Authenticode support
SSL/TLS: IIS, Windows servers
S/MIME: Email encryption

Common Use Cases

Windows SSL

IIS web servers

Code Signing

Authenticode (EXE/DLL)

Enterprise PKI

Active Directory CS

Email

S/MIME encryption

Advantages

Native Windows support (double-click import)
Identical to CRT (universal compatibility)
DER binary format (compact)
Certificate Manager integration
Code signing (Authenticode)
Enterprise PKI standard
IIS web server native format

Disadvantages

Extension confusion with CRT
DER format not human-readable
Primarily Windows-centric
Unix/Linux prefer .crt extension
May require conversion for some tools
Same limitations as CRT (renewal, CA trust)

Technical Information

Format Specifications

Specification	Details
File Extension	.cer
Alternative	.crt (identical content)
MIME Type	application/x-x509-ca-cert
Standard	ITU-T X.509
Encoding	DER (binary) or PEM (Base64)
Platform	Windows preferred, cross-platform

Common Tools

Windows: Certificate Manager (certmgr.msc), IIS Manager
Import: Double-click (Windows), certutil (CLI)
Conversion: OpenSSL (CER ↔ CRT, DER ↔ PEM)
Issuance: DigiCert, Let's Encrypt, AD CS

Work with CER

Convert Files All Formats

Related Formats

Tip: Import CER certificates on Windows by double-clicking - Certificate Manager opens automatically!