What is a .dat certificate? Is there any difference between a JKS certificate and a .dat certificate? How can I use the .dat certificate to trust the server side? Is it the same to other certificates?
Asked
Active
Viewed 5,421 times
1 Answers
5
.dat is just a file extension that tells you nothing useful about the format of the file itself.
There are two types of certificate files in common use: PEM and DER. PEM encodes its data in the form of Base-64 encoded text wrapped in human-readable headers. DER encodes its data in raw binary form. Both formats are capable of encoding the same types of data, but while PEM files can store multiple objects (certificate and key, for instance, or an entire certificate trust chain), DER files are limited to one object per file. Additionally, some applications are designed specifically for one or the other.
Open up your file in a text editor. Is it vaguely human-readable? Then it's a PEM file. Is it garbage? Then it's probably DER.
JKS per se isn't a certificate format; it's a storage format for certificates and keys. One .jks file can potentially store many certificates and keys. Java will expect that you import your certificate into a keystore first; then you can load it into a TrustStore or KeyStore depending on what you need.
-
1One way to find out is to use `openssl`, for example: `openssl x509 -noout -text -inform PEM -in file.dat` should display the content if this is a PEM, the same command with `-inform DER` should work if it's in DER format. – Bruno Jul 27 '12 at 09:29
-
Thanks atomicinf and Bruno! I was able to understand it already. :D But one more thing, how is the .dat file created? Is it another container for pem or der certificates just like how a jks works? Or is it already the pem or der file but the extenstion was only renamed to ".dat"? – Arci Jul 29 '12 at 09:37
-
`.dat` is a generic enough extension that either case could apply, but I suspect the latter. You can always check by trying to read the certificate with OpenSSL. – atomicinf Jul 29 '12 at 17:30
-
I have tried both strategies mentioned by Bruno and didn't get successfuly response. Then I focused in the last part of atomicinf reply and it made me think that my .dat file could be a keystore (this could be kind obvious for others but as I am not very familiar certificates ... sorry about that :) So, then I tried checking it with keytool and realize following : $keytool -list -keystore MyKey.dat -storepass 1234 ... Tipo de área de armazenamento de chaves: JKS ... I could check and list its content and find out it it a JKS keystore type. – Rafael Oct 02 '17 at 14:19