Convert CER CRT DER PEM PFX Certificate with Openssl

Table of Contents

SSL certificates can have a variety of file extension types. There are a few simple OpenSSL commands that will correctly change the file format easily. We’ll walk you through the process in OpenSSL to convert a certificate to PEM.

x.509 certificates file extension

  • Certificate (.CRT) or (.CER)
  • Distinguished encoding rules (.DER)
  • Privacy-enhanced electronic mail (.PEM)


How to get a free SSL certificate?

If you need a free SSL certificate for your website, Elementor Cloud Website is a great option. They offer fast speeds, good uptime, and excellent customer support. It is an end-to-end solution that gives you everything you need in one place for your website.

Web Hosting on Google Cloud + SSL certificate + WordPress + Website Builder + Templates.

We recommend using Elementor Cloud Website. It is very easy to start. You can get your website online in minutes. The price is $99 for one year.

Plus, they offer a 30-day money-back guarantee, so you can try it out with no risk.


Convert Certificates and Keys to PEM Using OpenSSL

There are four basic ways to manipulate certificates — we can view, transform, combine, or extract them. To transform one type of encoded certificate to another — such as converting CRT to PEM, CER to PEM, and DER to PEM — we need to use the following commands.

Understanding SSL Certificate PEM File and SSH PEM File with Examples

Difference between PEM and DER

If the certificate is in text format, it is in PEM format.

We can read the contents of a PEM certificate (cert.crt) using the ‘openssl’ command on Linux or Windows as follows:
openssl x509 -in cert.crt -text

If the file content is binary, the certificate could be DER. To find out the format, run the following ‘openssl’ commands to open the certificate:
openssl x509 -in cert.crt -inform DER -text

OpenSSL: Convert CRT to PEM:

If the crt file is a DER format, we can use this command.
openssl x509 -inform der -in cert.crt -out cert.pem

OpenSSL: Convert CER to PEM

If the cer file is a DER format, we can use this command.
openssl x509 -inform der -in cert.cer -out cert.pem

OpenSSL: Convert DER to PEM

openssl x509 -inform der -in cert.der -outform pem -out cert.pem

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Understanding PFX File with Examples

Convert P7B to PFX

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.cer

Convert CRT to PFX

$ openssl pkcs12 -export -out -inkey -in

Convert CER to PFX

openssl pkcs12 -export -in yourcertificate.cer -inkey yourkey.key -out yourcertificate.pfx


Converting SSL certificate from CRT to PEM

Welcome to!

Our website is dedicated to providing comprehensive information on using Linux.

We hope you find our site helpful and informative, and we welcome your feedback and suggestions for future content.

Learn More