Converting CER CRT DER PEM PFX Certificate with Openssl

Table of Contents

SSL certificates can have a variety of file extension types. There are a few simple OpenSSL commands that will correctly change the file format easily. We’ll walk you through the process in OpenSSL to convert a certificate to PEM.

x.509 certificates file extension

  • Certificate (.CRT) or (.CER)
  • Distinguished encoding rules (.DER)
  • Privacy-enhanced electronic mail (.PEM)

Convert Certificates and Keys to PEM Using OpenSSL

There are four basic ways to manipulate certificates — we can view, transform, combine, or extract them. To transform one type of encoded certificate to another — such as converting CRT to PEM, CER to PEM, and DER to PEM — we need to use the following commands.

Difference between PEM and DER

If the certificate is in text format, then it is in PEM format.

We can read the contents of a PEM certificate (cert.crt) using the ‘openssl’ command on Linux or Windows as follows:

openssl x509 -in cert.crt -text

If the file content is binary, the certificate could be DER. To find out the format, run the following ‘openssl’ commands to open the certificate:

openssl x509 -in cert.crt -inform DER -text

OpenSSL: Convert CRT to PEM:

If the crt file is a DER format, we can use this command.

openssl x509 -inform der -in cert.crt -out cert.pem

OpenSSL: Convert CER to PEM

If the cer file is a DER format, we can use this command.

openssl x509 -inform der -in cert.cer -out cert.pem

OpenSSL: Convert DER to PEM

openssl x509 -inform der -in cert.der -outform pem -out cert.pem

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Convert P7B to PFX

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.cer

Convert CRT to PFX

$ openssl pkcs12 -export -out -inkey -in

Convert CER to PFX

openssl pkcs12 -export -in yourcertificate.cer -inkey yourkey.key -out yourcertificate.pfx


Converting SSL certificate from CRT to PEM

Table of Contents

Share on facebook
Share on twitter
Share on linkedin

You might also like