Overview #

Often it is necessary to convert a Certificate from one Digital Certificate Formats to another often for placing the Certificate in one for the Certificate Keystores.

The Example commands provided require the openSSL libraries and tools. If OpenSSL is not on your platform you can obtain the source.

Some documentation is available.

Converting Using OpenSSL#

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS.

You can use some of the online SSL Converters to convert certificates without messing with OpenSSL.

Convert a DER file (.crt .cer .der) to PEM#

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEMfile to DER#

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM#

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)#

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-13) was last changed on 18-Sep-2015 11:54 by jim