There are three main types of digital certificates: extended validated, organization validated, and domain validated certificates. Certificates can be encoded in .der, .pem, .key, .cert, .cer, and .crt formats. The .pem format encodes the .der certificate in base64 and can contain additional data like private keys. Openssl commands can be used to view the contents and properties of a certificate.

1. Digital Certificate- Formats & Types

2. Certificate Types
Extended Validated certificate
Organization Validated certificate
Domain Validated certificate

3. Certificate data formats
.der:
• binary encoding of x.509 certificate
.pem
• Not a certificate format, merely an encoding format
• base64 encoded of .der certificate.
• Characterized by “BEGIN CERTIFICATE” <content> “END CERTIFICATE”
• Usually used by open source Software
• container format (may contains keys, certificate, certificate signing request etc)
.key
• pem formatted file containing private key
• conventional format
.cert /.cer/ .crt
• pem formatted file with different extention
• recognized by Windows Explorer as a certificate

4. Inspect content of a certificate
• $ openssl x509 -in www_amazon_com.crt -text -noout

5. Types of Certificate
Certificate binds a public key to its owner.
PGP certificate
• Decentralized ways of establishing trust
X.509
• Centralized trust model

6. References
• https://serverfault.com/questions/9708/what-is-a-pem-
file-and-how-does-it-differ-from-other-openssl-
generated-key-file