Converting CER CRT DER PEM PFX Certificate with Openssl

Table of Contents

SSL certificates can have a variety of file extension types. There are a few simple OpenSSL commands that will correctly change the file format easily. We’ll walk you through the process in OpenSSL to convert a certificate to PEM.

x.509 certificates file extension

  • Certificate (.CRT) or (.CER)
  • Distinguished encoding rules (.DER)
  • Privacy-enhanced electronic mail (.PEM)


How to get a free SSL certificate?

If you need a free SSL certificate for your website, Elementor Cloud Website is a great option. They offer fast speeds, good uptime, and excellent customer support. It is an end-to-end solution gives you everything you need in one place for your website. Web Hosting on Google Cloud + SSL certificate + WordPress + Website Builder + Templates.

We recommend using Elementor Cloud Website. It is very easy to start. You can get your website online in minutes. The price is $99 for one year. Plus, they offer a 30-day money-back guarantee, so you can try it out with no risk.

Elementor Cloud Website Features

  • Built-in hosting from Google Cloud Platform
  • Secure CDN by Cloudflare
  • Free SSL certification by Cloudflare
  • 20 GB storage
  • 100 GB bandwidth
  • 100K monthly visits
  • Free custom domain connection
  • Free subdomain under
  • Automatic backups once every 24 hours
  • Manual backups from My Elementor account
  • You also get all the benefits of Elementor Pro, including the drag & drop editor, all Pro widgets, features, kits and templates. PLUS, you get support for everything, from the Editor to Hosting, all in one place.


Convert Certificates and Keys to PEM Using OpenSSL

There are four basic ways to manipulate certificates — we can view, transform, combine, or extract them. To transform one type of encoded certificate to another — such as converting CRT to PEM, CER to PEM, and DER to PEM — we need to use the following commands.

Understanding SSL Certificate PEM File and SSH PEM File with Examples

Difference between PEM and DER

If the certificate is in text format, it is in PEM format.

We can read the contents of a PEM certificate (cert.crt) using the ‘openssl’ command on Linux or Windows as follows:
openssl x509 -in cert.crt -text

If the file content is binary, the certificate could be DER. To find out the format, run the following ‘openssl’ commands to open the certificate:
openssl x509 -in cert.crt -inform DER -text

OpenSSL: Convert CRT to PEM:

If the crt file is a DER format, we can use this command.
openssl x509 -inform der -in cert.crt -out cert.pem

OpenSSL: Convert CER to PEM

If the cer file is a DER format, we can use this command.
openssl x509 -inform der -in cert.cer -out cert.pem

OpenSSL: Convert DER to PEM

openssl x509 -inform der -in cert.der -outform pem -out cert.pem

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Understanding PFX File with Examples

Convert P7B to PFX

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.cer

Convert CRT to PFX

$ openssl pkcs12 -export -out -inkey -in

Convert CER to PFX

openssl pkcs12 -export -in yourcertificate.cer -inkey yourkey.key -out yourcertificate.pfx


Converting SSL certificate from CRT to PEM

Share on facebook
Share on twitter
Share on linkedin

If you meet any issues with Linux, record them with Loom and send the link to us here. We will reply ASAP.

Load WordPress Sites in as fast as 37ms!