<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview 
Often it is necessary to convert a [Certificate] from one [Certificate Format] to another often for placing the [Certificate] in one for the [Certificate Keystores]. 

The [Example] commands provided require the openSSL libraries and tools.
If [OpenSSL] is not on your platform you can [obtain the source|http://www.openssl.org/].

Some [documentation is available|http://www.openssl.org/docs/apps/openssl.html].

[{$pagename}] is often part of a [Data Extraction Transformation] process.

!! Converting Using [OpenSSL]
These commands allow you to convert [certificates] and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal [PEM|Privacy-Enhanced Mail] file that would work with Apache to a PFX ([PKCS#12|PKCS12]) file and use it with Tomcat or IIS.  

You can use some of the [online SSL Converters|https://www.sslshopper.com/ssl-converter.html|target='_blank'] to convert certificates without messing with OpenSSL.

! Convert a [DER|Distinguished Encoding Rules] file (.crt .cer .der) to [PEM|Privacy-Enhanced Mail]
{{{
openssl x509 -inform der -in certificate.cer -out certificate.pem
}}}

! Convert a [PEM|Privacy-Enhanced Mail]file to [DER|Distinguished Encoding Rules]
{{{
openssl x509 -outform der -in certificate.pem -out certificate.der
}}}

! Convert a [PKCS#12|PKCS12] file (.pfx .p12) containing a private key and certificates to [PEM|Privacy-Enhanced Mail]
{{{
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
}}}

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

! Convert a [PEM] certificate file and a private key to [PKCS#12|PKCS12] (.pfx .p12)
{{{
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
}}}

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }] 
----
* [#1] - [The Most Common OpenSSL Commands|http://www.sslshopper.com/article-most-common-openssl-commands.htmltarget='_blank'] - based on 2013-11-19
</pre>