Converting CER CRT DER PEM PFX Certificate with Openssl

Updated: Sep 2

SSL certificates can have a variety of file extension types. There are a few simple OpenSSL commands that will correctly change the file format easily. We’ll walk you through the process in OpenSSL to convert a certificate to PEM.

x.509 certificates file extension

  • Certificate (.CRT) or (.CER)

  • Distinguished encoding rules (.DER)

  • Privacy-enhanced electronic mail (.PEM)

Convert Certificates and Keys to PEM Using OpenSSL

There are four basic ways to manipulate certificates — we can view, transform, combine, or extract them. To transform one type of encoded certificate to another — such as converting CRT to PEM, CER to PEM, and DER to PEM — we need to use the following commands.

OpenSSL: Convert CRT to PEM:

openssl x509 -in cert.crt -out cert.pem

OpenSSL: Convert CER to PEM

openssl x509 -in cert.cer -out cert.pem

OpenSSL: Convert DER to PEM

openssl x509 -in cert.der -out cert.pem

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Convert P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Convert P7B to PFX

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Convert PEM to CER

openssl x509 -outform cer -in certificate.pem -out certificate.cer

Convert CRT to PFX

$ openssl pkcs12 -export -out -inkey -in

Convert CER to PFX

openssl pkcs12 -export -in yourcertificate.cer -inkey yourkey.key -out yourcertificate.pfx

屏幕快照 2021-08-08 下午5.16.32.png