Question
I've only seen private key files (.pfx, .pkcs12) being password protected. Someone told me public cert files (.cer) can also be password-protected. Is that true? Is it also true to say any certificate can be password-protected?
Just a note - I've tried using openssl to create some self-signed certs using the command below, and the only password I was prompted to enter was for the public key. Not sure if that's enough proof that there's no such thing as a public certificate password, or there are additional openssl commands to define public cert password that I don't know about?
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem
Explanation / Answer
What would be the point? A public certificate is public: if you need to password-protect it, it would mean your security model is flawed. Therefore, there is no standard way to store an X509 certificate in a password-protected form.
That being said, in practice, you can place a cert into any kind of container: a PGP protected file, a ZIP file, a password-protected PKCS#12 (basically, a PFX) or any type of container.
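The distinction described in the answer, as an added example that is not part of the original post: the openssl command from the question is run non-interactively to show that its passphrase encrypts key.pem only, that cert.pem reads with no password, and that a certificate can still be wrapped in a password-protected PKCS#12 container. The passphrases, the example.test subject and the temporary directory are constructed for this example.

```shell
#!/bin/sh
# Added example: passphrases, subject name and paths are constructed values.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEYPASS='constructed-key-pass'
P12PASS='constructed-p12-pass'

# Same command as in the question; -passout and -subj replace the prompts.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -keyout "$WORK/key.pem" \
        -out "$WORK/cert.pem" -passout "pass:$KEYPASS" \
        -subj "/CN=example.test" -days 1 2>/dev/null
}

# The private key is the encrypted output: its PEM header is marked ENCRYPTED.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$WORK/key.pem"
}

# The certificate parses without any password being supplied.
cert_reads_without_password() {
    openssl x509 -in "$WORK/cert.pem" -noout -subject >/dev/null 2>&1
}

# Put only the certificate (no key) into a password-protected PKCS#12 file.
wrap_cert_in_p12() {
    openssl pkcs12 -export -nokeys -in "$WORK/cert.pem" \
        -out "$WORK/cert.p12" -passout "pass:$P12PASS"
}

# Succeeds only when the given password opens the container.
p12_opens_with() {
    openssl pkcs12 -in "$WORK/cert.p12" -nokeys -passin "pass:$1" >/dev/null 2>&1
}

make_cert
key_is_encrypted && echo "key.pem: encrypted with the passphrase"
cert_reads_without_password && echo "cert.pem: readable with no password"
wrap_cert_in_p12
p12_opens_with "$P12PASS" && echo "cert.p12: opens with the right password"
p12_opens_with 'wrong-pass' || echo "cert.p12: rejected with a wrong password"
```

The password here belongs to the PKCS#12 container, not to the certificate: anyone who can open cert.p12 gets back the same unprotected certificate.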