What is CRT?

CRT files are X.509 digital certificates: cryptographic documents that bind public keys to identities (domains, organizations, individuals). A certificate contains a public key, subject (domain name or entity), issuer (a Certificate Authority such as Let's Encrypt or DigiCert), validity period, signature algorithm, and serial number. CRT files come in PEM format (Base64-encoded, beginning with "-----BEGIN CERTIFICATE-----") or DER format (binary); PEM is the most common for web servers. For HTTPS, web browsers trust CRT files signed by trusted Certificate Authorities (CAs).

CRT files power HTTPS on billions of websites, enabling encrypted communication and preventing man-in-the-middle attacks. Every HTTPS site uses SSL/TLS certificates (.crt). Certificate Authorities issue CRT files after domain validation (DV), organization validation (OV), or extended validation (EV). Let's Encrypt has provided free, automated CRT files since 2016, which revolutionized web security. Web servers (Apache, Nginx) require a .crt file plus its private key (.key) to serve HTTPS. Certificates are also used for email encryption (S/MIME), code signing, VPN authentication, and client certificates. Certificate chains (root → intermediate → leaf) establish trust.

Did you know? Let's Encrypt issues 3+ million free SSL certificates daily!

History

ITU-T developed the X.509 standard for digital certificates, which became the foundation for SSL/TLS and modern web security infrastructure.

Key Milestones

  • 1988: X.509 standard published
  • 1994: SSL/TLS adoption begins
  • 2000s: HTTPS becomes standard
  • 2016: Let's Encrypt free certificates
  • 2018: Chrome requires HTTPS
  • Present: Universal web encryption

Key Features

Core Capabilities

  • Identity Verification: Domain/organization authentication
  • Public Key Distribution: Secure key exchange
  • CA Trust Chain: Certificate Authority validation
  • Expiration Dates: Time-limited validity
  • Digital Signatures: Tamper-proof verification
  • HTTPS Encryption: Secure web traffic

Common Use Cases

  • HTTPS/SSL: Website encryption
  • Email Security: S/MIME encryption
  • Code Signing: Software authentication
  • VPN/Network: Authentication, tunnels

Advantages

  • Industry-standard X.509 format
  • Establishes trust via CA chain
  • Enables secure HTTPS communication
  • Free options (Let's Encrypt)
  • Automated renewal support
  • Universal browser support
  • Multiple use cases (web, email, code)

Disadvantages

  • Requires renewal (typically 90 days)
  • CA compromise affects trust
  • Complex certificate chain management
  • Misconfiguration can break HTTPS
  • Private key must be kept secure
  • Revocation checking overhead

Technical Information

Format Specifications

  • File Extension: .crt, .cer, .pem
  • MIME Type: application/x-x509-ca-cert
  • Standard: ITU-T X.509
  • Encoding: PEM (Base64) or DER (binary)
  • Typical Validity: 90 days (Let's Encrypt), 1-2 years (paid)
  • Contents: Public key, subject, issuer, signature
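
An added example (not part of the original page) of checking a .crt file's encoding: it tells PEM from DER, decodes each PEM certificate block to DER, and counts private-key blocks stored in the same file. The names inspect_crt and der_is_well_framed and the sample bytes are constructed for illustration; only the outer ASN.1 framing is checked, not the signature or the chain.

```python
import base64
import re

# Any PEM block: captures the label and the Base64 body between the markers.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

# Constructed sample: a SEQUENCE wrapping 300 zero bytes. Framed like a
# certificate, but not a real one.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n").encode()

def der_is_well_framed(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose length field covers it exactly."""
    if len(der) < 2 or der[0] != 0x30:   # a DER certificate starts with SEQUENCE (0x30)
        return False
    first = der[1]
    if first < 0x80:                     # short form: the byte is the length
        header, length = 2, first
    else:                                # long form: low 7 bits give the count of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def inspect_crt(data: bytes) -> dict:
    """Classify a .crt file as PEM or DER and report what it holds."""
    report = {"encoding": None, "certificates": [], "private_key_blocks": 0, "problems": []}
    if b"-----BEGIN " in data:
        report["encoding"] = "PEM"
        for label, body in PEM_BLOCK.findall(data.decode("ascii", "replace")):
            if "PRIVATE KEY" in label:   # key material does not belong in a .crt file
                report["private_key_blocks"] += 1
            elif label == "CERTIFICATE":
                try:
                    der = base64.b64decode("".join(body.split()), validate=True)
                except ValueError:       # binascii.Error is a ValueError
                    der = b""
                if der_is_well_framed(der):
                    report["certificates"].append(der)   # DER bytes, in file order
                else:
                    report["problems"].append("CERTIFICATE block is not Base64-encoded DER")
    elif der_is_well_framed(data):
        report["encoding"] = "DER"
        report["certificates"].append(data)
    else:
        report["problems"].append("neither PEM nor DER")
    return report
```

A PEM bundle holding a chain yields one entry in "certificates" per block, in the order they appear in the file.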

Common Tools

  • Issuance: Let's Encrypt (Certbot), DigiCert, Comodo
  • Web Servers: Apache (mod_ssl), Nginx, IIS
  • CLI Tools: OpenSSL (cert inspection, conversion)
  • Testing: SSL Labs, Qualys SSL Server Test