Different web servers support different formats of certificates. Before you can install an issued certificate on your web server, you must convert the format of the certificate to suit your web server. This topic describes how to convert the format of a certificate.

You can convert the format of a certificate by using the following methods:
  • Convert a JKS certificate file to a PFX certificate file
    You can convert a JKS certificate file to a PFX certificate file by using the Keytool tool that comes with Java Development Kit (JDK). For example, you can run the following command to convert the cert_name.jks certificate file to the cert_name.pfx certificate file:
    keytool -importkeystore -srckeystore D:\<cert_name>.jks -destkeystore D:\<cert_name>.pfx
            -srcstoretype JKS -deststoretype PKCS12
    Note
    • In this example, the certificate name is cert_name. The name of the certificate authority (CA) certificate file is cert_name.pem, and the name of the private key file is cert_name.key. In actual scenarios, you must replace cert_name with the name of your certificate.
    • Keytool is a key management tool that comes with JDK. Keytool allows you to create keystore files in the JKS format for certificates. To obtain Keytool, you can download JDK from Java Downloads. Keytool is usually stored in the JDK\jre\bin\security\ directory.
  • Convert a PFX certificate file to a JKS certificate file
    You can convert a PFX certificate file to a JKS certificate file by using the Keytool tool that comes with JDK. For example, you can run the following command to convert the cert_name.pfx certificate file to the cert_name.jks certificate file:
    keytool -importkeystore -srckeystore D:\<cert_name>.pfx -destkeystore D:\<cert_name>.jks
            -srcstoretype PKCS12 -deststoretype JKS
  • Convert a PEM, KEY, or CRT certificate file to a PFX certificate file
    You can use the OpenSSL tool to convert a KEY private key file and a PEM or CRT CA certificate file to a PFX certificate file. For more information, visit OpenSSL. For example, you can copy your KEY private key file cert_name.key and PEM CA certificate file cert_name.pem to the installation directory of the OpenSSL tool. Then, run the following command to convert the files to the cert_name.jks certificate file:
    openssl pkcs12 -export -out <cert_name>.pfx -inkey <cert_name>.key -in <cert_name>.pem
  • Convert a PFX certificate file to a PEM, KEY, or CRT certificate file
    You can use the OpenSSL tool to convert a PFX certificate file to a KEY private key file and a PEM or CRT CA certificate file. For more information, visit OpenSSL. For example, you can copy your PFX certificate file cert_name.jks to the installation directory of the OpenSSL tool. Then, run the following commands to convert the PFX certificate file to a CA certificate file cert_name.pem and a KEY private key file cert_name.key:
    openssl pkcs12 -in <cert_name>.pfx -nokeys -out <cert_name>.pem
    openssl pkcs12 -in <cert_name>.pfx -nocerts -out <cert_name>.key -nodes