What is a .der file?

Drop any file to identify it

No upload. No signup. No sending your file halfway across the internet.
We tell you what it is, right here in your browser.

What is it

DER (Distinguished Encoding Rules) is the binary format for encoding X.509 certificates and keys. While PEM wraps the same data in Base64 text with headers, DER stores it as raw binary. The data is identical — DER is just the compact, non-text representation.

You'll encounter DER files in Java keystores (Java prefers binary formats), embedded systems (where text overhead matters), and some Windows certificate workflows. DER files are smaller than their PEM equivalents (no Base64 overhead) but can't be concatenated, pasted into text fields, or included in configuration files that expect text.

Converting between DER and PEM is trivial with OpenSSL: `openssl x509 -in cert.der -inform der -out cert.pem` converts to PEM. Most certificate operations work with either format — the tools just need to know which encoding to expect.

Technical details

Full Name

DER-Encoded Certificate

MIME Type

application/x-x509-ca-cert

Developer

ITU-T (ASN.1 standard)

Magic Bytes

30 82

Safety

What opens it

openssl (CLI)

FREE Windows / Mac / Linux

KeyStore Explorer

FREE Windows / Mac / Linux

Windows Certificate Viewer

FREE Windows

FAQ

What's the difference between DER and PEM?

Same data, different encoding. DER is binary (compact, not human-readable). PEM is Base64-encoded DER wrapped in text headers (larger, human-readable, copy-paste friendly). Most tools accept either.

How do I convert DER to PEM?

`openssl x509 -in cert.der -inform der -out cert.pem -outform pem`. For private keys: `openssl rsa -in key.der -inform der -out key.pem -outform pem`.

Related formats

Drop any file to identify it

Drop it!

Couldn't identify this file