FTPing Digital Certificates Various Formats

Document ID : KB000053951
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

Should Binary or ASCII be used when FTPing digital certificates?

Answer:

It depends on the Digital Certificate format that determines if it should be FTPed in BINARY or ASCII:

  • CERTB64 - Specifies a DER encoded X.509 certificate that has been encoded using Base64. This is a text file so it can be ship in an e-mail. If it being transferred using FTP or Connect:Direct, TEXT or ASCII mode must be used.

  • CERTDER - Specifies a DER encoded X.509 certificate. It is a binary file, so if it being transferred using FTP or Connect:Direct, BINARY mode must be used.

  • PKCS12B64 - Specifies a DER encoded PKCS#12 package that has been encoded using Base64. A PKCS12 PASSWORD must also be supplied. Export the certificate and the private key (which must exist and must not be an ICSF key). The package produced by specifying one of the PKCS #12 keywords is encrypted using the password specified according to the PKCS #12 standard. Processing will attempt to package any certificate-authority certificate necessary to complete the basing chain to the exported certificate. This is a text file so it can be ship in an e-mail. If it being transferred using FTP or Connect:Direct, TEXT or ASCII mode must be used.

  • PKCS12DER - Specifies a DER encoded PKCS#12 package. A PKCS12 PASSWORD must also be supplied. Export the certificate and the private key (which must exist and must not be an ICSF key). The package produced by specifying one of the PKCS #12 keywords is encrypted using the password specified according to the PKCS #12 standard. Processing will attempt to package any certificate-authority certificate necessary to complete the basing chain to the exported certificate. It is a binary file, so if it being transferred using FTP or Connect:Direct, BINARY mode must be used.