Here are some common file extensions used in mutual TLS (mTLS) and when to use each:
- .pem (Privacy Enhanced Mail): This is a container format that may include just the public certificate or the entire certificate chain (private key, public key, root certificates). It's used for storing and sending cryptographic keys, certificates, and other data, and it's base64 encoded.
- .crt (Certificate): This is a public key certificate. It's usually in the X.509 standard and it's used to establish a TLS encrypted secure connection.
- .key (Key): This is a private key file. It's used in the creation and verification of digital signatures and in the decryption of data.
- .csr (Certificate Signing Request): This is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It's used to apply for your own certificates.
- .cer/.crt (Certificate): These are SSL certificates that can be in binary form (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM), and they're used to establish a TLS encrypted secure connection.
- .pfx/.p12 (Personal Information Exchange): These files are used to store the server certificate, any intermediate certificates, and the private key in one encryptable file. They're commonly used on Windows machines to import and export certificates and private keys.
Remember, the usage of these files can vary depending on the specific requirements of the mTLS implementation. Always refer to the specific documentation of the system you're working with for the most accurate information.