Overview #

Often it is necessary to convert a Certificate from one Certificate Format to another often for placing the Certificate in one for the Certificate Keystores.

The Example commands provided require the openSSL libraries and tools. If OpenSSL is not on your platform you can obtain the sourceContent unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png.

Some documentation is availableContent unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png.

Converting Certificate Formats is often part of a Data Extraction Transformation process.

Converting Using OpenSSL#

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS.

You can use some of the online SSL ConvertersContent unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png to convert certificates without messing with OpenSSL.

Convert a DER file (.crt .cer .der) to PEM#

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEMfile to DER#

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM#

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)#

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

More Information#

There might be more information for this subject on one of the following:

• Certificate Keystores
• OpenSSL Commands

---

• [#1] - The Most Common OpenSSL CommandsContent unavailable! (broken link)https://ldapwiki.com/wiki/images/out.png - based on 2013-11-19