Skip to Content

Convert CER CRT DER PEM PFX Certificate with Openssl

SSL certificates can have a variety of file extension types. There are a few simple OpenSSL commands that will correctly change the file format easily. We’ll walk you through the process in OpenSSL to convert a certificate to PEM.

x.509 certificates file extension

  • Certificate (.CRT) or (.CER)
  • Distinguished encoding rules (.DER)
  • Privacy-enhanced electronic mail (.PEM)


Convert Certificates and Keys to PEM Using OpenSSL

There are four basic ways to manipulate certificates — we can view, transform, combine, or extract them.

To transform one type of encoded certificate to another — such as converting CRT to PEM, CER to PEM, and DER to PEM — we need to use the following commands.

Understanding X509 Certificate with Openssl Command

Difference between PEM and DER

If the certificate is in text format, it is in PEM format.

We can read the contents of a PEM certificate (cert.crt) using the ‘openssl’ command on Linux or Windows as follows:

openssl x509 -in cert.crt -text

If the file content is binary, the certificate could be DER. To find out the format, run the following ‘openssl’ commands to open the certificate:

openssl x509 -in cert.crt -inform DER -text

OpenSSL: Convert CRT to PEM:

If the crt file is a DER format, we can use this command.
openssl x509 -inform der -in cert.crt -out cert.pem

OpenSSL: Convert CER to PEM

If the cer file is a DER format, we can use this command.
openssl x509 -inform der -in cert.cer -out cert.pem

OpenSSL: Convert DER to PEM

openssl x509 -inform der -in cert.der -outform pem -out cert.pem

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Understanding PFX File with Examples

Convert P7B to PFX

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.cer

Convert CRT to PFX

$ openssl pkcs12 -export -out -inkey -in

Convert CER to PFX

openssl pkcs12 -export -in yourcertificate.cer -inkey yourkey.key -out yourcertificate.pfx


Converting SSL certificate from CRT to PEM