PEM
Definition
PEM (Privacy-Enhanced Mail) is a file format primarily used to store and transmit cryptographic keys, certificates, and other data in a base64-encoded format. It is commonly used in SSL/TLS to store server certificates, intermediate certificates, and private keys. PEM files typically have extensions such as .pem, .crt, .cer, or .key and include headers and footers to indicate the type of data contained, such as -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
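The BEGIN/END markers described above can be checked mechanically. The following is an added example, not part of the original page: a small Python parser that splits a PEM file into blocks, decodes each one, and reports whether a block holds private key material. The function names and the sample bundle are constructed for illustration.

```python
import base64
import re

# Encapsulation boundaries: -----BEGIN <label>----- ... -----END <label>-----
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END ([A-Z0-9 ]+)-----", re.DOTALL)

def parse_pem(text):
    """Return (label, headers, decoded_bytes) for every PEM block in text."""
    blocks = []
    for begin, body, end in PEM_BLOCK.findall(text.replace("\r\n", "\n")):
        if begin != end:
            raise ValueError(f"BEGIN {begin} is closed by END {end}")
        # Legacy encrypted keys put "Proc-Type:"/"DEK-Info:" headers before a blank line.
        headers, _, payload = body.rpartition("\n\n")
        # validate=True rejects characters outside the base64 alphabet.
        data = base64.b64decode("".join(payload.split()), validate=True)
        blocks.append((begin, headers, data))
    return blocks

def classify(label, headers):
    """Map a block label to 'private-key', 'encrypted-private-key' or 'other'."""
    if not label.endswith("PRIVATE KEY"):
        return "other"
    if label == "ENCRYPTED PRIVATE KEY" or "ENCRYPTED" in headers:
        return "encrypted-private-key"
    return "private-key"

def audit(text):
    """Summarise a PEM file as a list of (label, byte_length, classification)."""
    return [(label, len(data), classify(label, headers))
            for label, headers, data in parse_pem(text)]

def make_block(label, raw):
    """Build a PEM block around constructed bytes (sample data, not real keys)."""
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])

# Constructed bundle: a certificate followed by an unencrypted key in the same file.
SAMPLE = "\n".join([make_block("CERTIFICATE", b"constructed-certificate-bytes" * 4),
                    make_block("PRIVATE KEY", b"constructed-key-bytes" * 3)]) + "\n"

if __name__ == "__main__":
    for label, size, kind in audit(SAMPLE):
        print(f"{label:<20} {size:>5} bytes  {kind}")
```

A file that reports a `private-key` entry holds an unencrypted key and should have its location and permissions restricted accordingly.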
Secure Settings Example
# Example of a secure Nginx configuration using PEM files for SSL/TLS
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/ssl/certs/example.com.crt; # PEM-encoded certificate
    ssl_certificate_key /etc/ssl/private/example.com.key; # PEM-encoded private key
    ssl_protocols TLSv1.2 TLSv1.3; # Secure protocols only
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'; # Strong ciphers
    ssl_prefer_server_ciphers on;
}
Insecure Settings Example
# Example of an insecure Nginx configuration using PEM files
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/ssl/certs/example.com.crt; # PEM-encoded certificate
    ssl_certificate_key /etc/ssl/private/example.com.key; # PEM-encoded private key
    ssl_protocols SSLv3 TLSv1; # Insecure protocols
    ssl_ciphers 'DES-CBC3-SHA:RC4-SHA'; # Weak ciphers
    ssl_prefer_server_ciphers off;
}