SSL certificates can have a variety of file extension types. There are a few simple OpenSSL commands that will correctly change the file format easily. We’ll walk you through the process in OpenSSL to convert a certificate to PEM.
x.509 certificates file extension
- Certificate (.CRT) or (.CER)
- Distinguished encoding rules (.DER)
- Privacy-enhanced electronic mail (.PEM)
How to get a free SSL certificate?
If you need a free SSL certificate for your website, Elementor Cloud Website is a great option. They offer fast speeds, good uptime, and excellent customer support. It is an end-to-end solution that gives you everything you need in one place for your website.
Web Hosting on Google Cloud + SSL certificate + WordPress + Website Builder + Templates.
We recommend using Elementor Cloud Website. It is very easy to start. You can get your website online in minutes. The price is $99 for one year.
Plus, they offer a 30-day money-back guarantee, so you can try it out with no risk.
Convert Certificates and Keys to PEM Using OpenSSL
There are four basic ways to manipulate certificates — we can view, transform, combine, or extract them. To transform one type of encoded certificate to another — such as converting CRT to PEM, CER to PEM, and DER to PEM — we need to use the following commands.
Understanding SSL Certificate PEM File and SSH PEM File with Examples
Difference between PEM and DER
If the certificate is in text format, it is in PEM format.
We can read the contents of a PEM certificate (cert.crt) using the ‘openssl’ command on Linux or Windows as follows:
openssl x509 -in cert.crt -text
If the file content is binary, the certificate could be DER. To find out the format, run the following ‘openssl’ commands to open the certificate:
openssl x509 -in cert.crt -inform DER -text
OpenSSL: Convert CRT to PEM:
If the crt file is a DER format, we can use this command.
openssl x509 -inform der -in cert.crt -out cert.pem
OpenSSL: Convert CER to PEM
If the cer file is a DER format, we can use this command.
openssl x509 -inform der -in cert.cer -out cert.pem
OpenSSL: Convert DER to PEM
openssl x509 -inform der -in cert.der -outform pem -out cert.pem
Convert PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Convert P7B to PFX
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
Convert PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.cer
Convert CRT to PFX
$ openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
Convert CER to PFX
openssl pkcs12 -export -in yourcertificate.cer -inkey yourkey.key -out yourcertificate.pfx
Related: