Is there a difference between .cer and .crt? I know they are both the same SSL certificate format, but I don't know what the difference between them is.
If there is no difference, why 2 different extensions?
None.
Extensions are useless, as are filenames. They DO NOT count. Only the content counts. The software does not care what you call the files holding certificates and private keys; it could be foobar.42 and would work as well (as long as the content is correct).
The names are only to aid the humans to more easily know what it is about. It is customary for example to use the site name as filename to clearly identify it, and then use "some" extension, on one side for a certificate (.cert or .crt or .cer) and a private key (.key). You also have certificate signing requests (something you generate before getting the certificate), which are often .csr.
You may find .pem sometimes also, which is ambiguous: PEM is a format to encode a content, you can encode a certificate or a key, so just by .pem you do not know what it is about where .crt vs .key at least make the difference clear.
Now, .cert would probably be the most obvious choice... but since we inherit from some past arbitrary limits of some past OS, we often prefer 3 letters for extensions, at most, so pick your poison between shortening .cert either to .cer or .crt (the latter seems to me more often found).
Also for the same silly past arbitrary decisions, some OSes attach specific actions to specific files based on their name. Your OS may treat the same file differently if it ends in .crt vs ending in .cer. But this is all configuration and local preferences, again only the content really matters.
In a good world, where everyone can be trusted, we might not need encryption, identification, certificates and such. But such a world does not exist unfortunately, bad guys are everywhere, and thus came along the need for encryption, and symmetric keys were born. 1 key that is the same for both the client and the server to encrypt & decrypt the data is all that is needed. The process is fast, as the key is usually 256 bits in length only. All good.
One concern though is, how do we distribute the key securely?
Born was the public key infrastructure system, PKI or PKIX (X for X.509), where the public key is distributed to encrypt, and the private key (not distributed, therefore secure), to decrypt. These are called asymmetric keys, which are usually at least 2048 bits, more robust, but you guess well, slower.
Then we needed a standard to construct those keys, X.500 came along, and evolved into X.509 v3 which is encoded in either .DER (binary) or .PEM (which is just a base-64 encoding of the DER, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"). So, sometimes, you might see .DER, sometimes .PEM certificates.
Together with .DER and .PEM, we also have other related certificate formats such as .CER and .CRT.
The difference, a good explanation taken from here:
.CRT = The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems.
.CER = alternate form of .crt (Microsoft convention). You can use MS to convert .crt to .cer (both DER-encoded .cer, or base64 [PEM]-encoded .cer). The .cer file extension is also recognized by IE as a command to run a MS cryptoAPI command.
Hopefully, the above has given you a background and some idea of the oh-so-many certificate extensions lying around and which can be quite confusing at times, especially for the newcomer.
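Both answers come down to content over file name (PEM being a text wrapper around DER, and .pem alone not saying what is inside). The sketch below is an added example, not code from either answer: it classifies raw bytes by their PEM label or DER framing and never looks at a file name. The names classify, is_der_sequence, FAKE_DER and FAKE_PEM_BUNDLE are made up for this illustration, and the sample bytes are constructed stand-ins, not a real certificate or key.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)
# PEM label -> kind of object (RFC 7468 labels plus common legacy OpenSSL ones).
KINDS = {
    "CERTIFICATE": "certificate", "CERTIFICATE REQUEST": "csr",
    "NEW CERTIFICATE REQUEST": "csr", "PRIVATE KEY": "private key",
    "ENCRYPTED PRIVATE KEY": "private key", "RSA PRIVATE KEY": "private key",
    "EC PRIVATE KEY": "private key",
}

def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE (tag 0x30) of consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short form: the byte is the length
        header, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify(data: bytes) -> list[tuple[str, str]]:
    """Return (encoding, kind) per object found; the file name is never consulted."""
    found = []
    for label, body in PEM_BLOCK.findall(data):
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:                 # bad base64, or legacy "Proc-Type" headers
            der = b""
        kind = KINDS.get(label.decode(), "unknown")
        if not is_der_sequence(der):
            kind = "malformed " + kind
        found.append(("PEM", kind))
    if not found and is_der_sequence(data):
        # Raw DER has no label: telling a certificate from a key needs ASN.1 parsing.
        found.append(("DER", "unlabelled ASN.1 object"))
    return found

# Constructed sample: SEQUENCE { INTEGER 42 } standing in for real DER content.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x2A])
B64 = base64.b64encode(FAKE_DER)
FAKE_PEM_BUNDLE = (b"-----BEGIN CERTIFICATE-----\n" + B64 + b"\n-----END CERTIFICATE-----\n"
                   b"-----BEGIN PRIVATE KEY-----\n" + B64 + b"\n-----END PRIVATE KEY-----\n")
```

A single file can hold several PEM blocks, so a file named with a certificate extension may also carry a private key; checking the labels before sharing or deploying it catches that.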