SSL certificates can have a variety of file extension types. There are a few simple OpenSSL commands that will correctly change the file format easily. We’ll walk you through the process in OpenSSL to convert a certificate to PEM.
Table of Contents
x.509 certificates file extension
- Certificate (.CRT) or (.CER)
- Distinguished encoding rules (.DER)
- Privacy-enhanced electronic mail (.PEM)
Convert Certificates and Keys to PEM Using OpenSSL
There are four basic ways to manipulate certificates — we can view, transform, combine, or extract them.
To transform one type of encoded certificate to another — such as converting CRT to PEM, CER to PEM, and DER to PEM — we need to use the following commands.
Difference between PEM and DER
If the certificate is in text format, it is in PEM format.
We can read the contents of a PEM certificate (cert.crt) using the ‘openssl’ command on Linux or Windows as follows:
openssl x509 -in cert.crt -text
If the file content is binary, the certificate could be DER. To find out the format, run the following ‘openssl’ commands to open the certificate:
openssl x509 -in cert.crt -inform DER -text
OpenSSL: Convert CRT to PEM:
If the crt file is a DER format, we can use this command.
openssl x509 -inform der -in cert.crt -out cert.pem
OpenSSL: Convert CER to PEM
If the cer file is a DER format, we can use this command.
openssl x509 -inform der -in cert.cer -out cert.pem
OpenSSL: Convert DER to PEM
openssl x509 -inform der -in cert.der -outform pem -out cert.pem
Convert PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Convert P7B to PFX
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
Convert PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.cer
Convert CRT to PFX
$ openssl pkcs12 -export -out domain.name.pfx -inkey domain.name.key -in domain.name.crt
Convert CER to PFX
openssl pkcs12 -export -in yourcertificate.cer -inkey yourkey.key -out yourcertificate.pfx
Related: