Status: Scaffold — content in progress
X.509 is the ITU-T standard for public key certificates, used in TLS, code signing, email (S/MIME), and identity authentication.
| Format | Extension | Description |
|---|---|---|
| DER | .der, .cer | Binary ASN.1 encoding |
| PEM | .pem, .crt, .key | Base64-encoded DER with headers |
| PKCS#12 / PFX | .pfx, .p12 | Bundle: cert + private key (password-protected) |
| PKCS#7 / P7B | .p7b | Certificate chain, no private key |
Certificate Validation
- Signature validation (chain to trusted root)
- Validity period check
- Revocation check (CRL or OCSP)
- Key usage / EKU check (is this cert allowed for this purpose?)
- Name check (does the SAN match the expected identity?)
Certificate Theft Targets
| Location | Tool | Method |
|---|---|---|
| Windows Certificate Store | certutil, Mimikatz crypto::certificates | Export with private key |
| Current user store | PowerShell Get-ChildItem Cert:\CurrentUser\My | Export if non-exportable flag bypassed |
| PKCS#12 files | File system search | *.pfx, *.p12 |
| Memory | Mimikatz | CAPI/CNG key extraction |
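The extensions in the format table are conventions only, and a file's contents can differ from what its name suggests. The following added example (not part of the original page) classifies a file by its bytes and flags key-bearing material stored under an extension that does not suggest it, for use in a defensive inventory. The function names, the `KEY_EXTENSIONS` policy and the sample bytes are assumptions constructed for illustration.

```python
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)
OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
KEY_EXTENSIONS = (".key", ".pfx", ".p12")  # assumption: where keys are expected

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos, pos + first

def classify_der(buf):
    """Classify a DER blob by its outer ASN.1 structure."""
    try:
        tag, start, end = read_tlv(buf)
        if tag != 0x30 or end > len(buf):
            return "unknown"
        inner, istart, iend = read_tlv(buf, start)
        value = buf[istart:iend]
    except IndexError:
        return "unknown"
    if inner == 0x02 and value == b"\x03":
        return "pkcs12"    # PFX starts with version INTEGER 3
    if inner == 0x06 and value == OID_SIGNED_DATA:
        return "pkcs7"     # ContentInfo carrying the signedData OID
    if inner == 0x30 and value[:1] == b"\xa0":
        return "x509-der"  # tbsCertificate with explicit version (v2/v3 only)
    return "unknown"

def classify(data):
    """Return (format, may_hold_private_key) for raw file contents."""
    labels = [m.decode() for m in PEM_RE.findall(data)]
    if labels:
        return "pem:" + ",".join(labels), any("PRIVATE KEY" in l for l in labels)
    kind = classify_der(data)
    return kind, kind == "pkcs12"

def audit(name, data):
    """True when key material sits under an extension that does not suggest it."""
    return classify(data)[1] and not name.lower().endswith(KEY_EXTENSIONS)

# Constructed minimal samples (structure only, no real keys or certificates)
PFX = bytes.fromhex("3003020103")
P7B = bytes.fromhex("300b0609") + OID_SIGNED_DATA
CERT = bytes.fromhex("30073005a003020102")
PEM = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
```

`audit("server.crt", PEM)` returns `True` because the PEM label, not the extension, shows the file carries a private key.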