jspωiki
Converting Certificate Formats

Overview #

Often it is necessary to convert a Certificate from one Digital Certificate Formats to another often for placing the Certificate in one for the Certificate Keystores.

The Example commands provided require the openSSL libraries and tools. If OpenSSL is not on your platform you can obtain the source.

Some documentation is available.

Converting Certificate Formats is often part of a Data Extraction Transformation process.

Converting Using OpenSSL#

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS.

You can use some of the online SSL Converters to convert certificates without messing with OpenSSL.

Convert a DER file (.crt .cer .der) to PEM#

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEMfile to DER#

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM#

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)#

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

More Information#

There might be more information for this subject on one of the following: