Converting SSL certificate from CRT to PEM

Table of Contents

There are two major encoding schemes for X.509 certificates and keys: PEM (Base64 ASCII), and DER (binary).

  • DER (Distinguished Encoding Rules) is a data object encoding schema that can be used to encode certificate objects into binary files.
  • PEM (Privacy Enhanced Mail) is an encrypted email encoding schema that can be borrowed to encode certificate DER files into text files.

We can’t always tell what kind of file we are working with just from looking at the filename; we may need to open it in a text editor and take a look for ourselves.

Understanding PEM

PEM (originally “Privacy Enhanced Mail”) is the most common format for X.509 certificates, CSRs, and cryptographic keys.

A PEM file is a text file containing one or more items in Base64 ASCII encoding, each with plain-text headers and footers (e.g. —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–).

Example of PEM

Here is an example of PEM format certificate.

# more certificate.pem









Check SSL Certificate with OpenSSL

Understanding DER

DER (Distinguished Encoding Rules) is a binary encoding for X.509 certificates and private keys. Unlike PEM, DER-encoded files do not contain plain text statements such as —–BEGIN CERTIFICATE—–. DER files are most commonly seen in Java contexts.

Those certificate DER files are binary files, which can not be viewed with text editors. But they can be processed by application without any problems.

DER-encoded certificate files are supported by almost all applications.

Difference between PEM and DER

If the certificate is in text format, then it is in PEM format.

We can read the contents of a PEM certificate (cert.crt) using the ‘openssl’ command on Linux or Windows as follows:

openssl x509 -in cert.crt -text

If the file content is binary, the certificate could be DER. To find out the format, run the following ‘openssl’ commands to open the certificate:

openssl x509 -in cert.crt -inform DER -text

Understanding CRT file

A file with .crt extension is a security certificate file that is used by secure websites to establish secure connections from web server to a browser.

If we open a secure website, we see a “lock” icon in the address bar. If we click on it, we can view the details of the installed certificate.

Convert CRT certificate to PEM

If our crt certificate is in PEM format, we can use cp cert.crt cert.pem to convert.

or openssl x509 -in cert.crt -out cert.pem

If our crt certificate is in der format, we need to use the following command to convert to pem.

openssl x509 -inform der -in cert.crt -out cert.pem

Understanding X509 Certificate with Openssl Command

Share on facebook
Share on twitter
Share on linkedin

If you meet any issues with Linux, record them with Loom and send the link to us here. We will reply ASAP.

Load WordPress Sites in as fast as 37ms!