How do I convert the format of a certificate? - Certificate Management Service

Different web servers support different formats of certificates. Before you can install an issued certificate on your web server, you must convert the format of the certificate to suit your web server. This topic describes how to convert the format of a certificate.

You can convert the format of a certificate by using the following methods:

Convert a JKS certificate file to a PFX certificate file
You can convert a JKS certificate file to a PFX certificate file by using the Keytool tool that comes with Java Development Kit (JDK). For example, you can run the following command to convert the cert_name.jks certificate file to the cert_name.pfx certificate file:
```
keytool -importkeystore -srckeystore D:\<cert_name>.jks -destkeystore D:\<cert_name>.pfx -srcstoretype JKS -deststoretype PKCS12
```
Note
- In this example, the certificate name is cert_name. The name of the certificate authority (CA) certificate file is cert_name.pem, and the name of the private key file is cert_name.key. In actual scenarios, you must replace cert_name with the name of your certificate.
- Keytool is a key management tool that comes with JDK. Keytool allows you to create keystore files in the JKS format for certificates. To obtain Keytool, you can download JDK from Java Downloads. In most cases, Keytool is stored in the JDK\jre\bin\security\ directory.
Convert a PFX certificate file to a JKS certificate file
You can convert a PFX certificate file to a JKS certificate file by using the Keytool tool that comes with JDK. For example, you can run the following command to convert the cert_name.pfx certificate file to the cert_name.jks certificate file:
```
keytool -importkeystore -srckeystore D:\<cert_name>.pfx -destkeystore D:\<cert_name>.jks -srcstoretype PKCS12 -deststoretype JKS
```
Convert a PEM, KEY, or CRT certificate file to a PFX certificate file
You can use the OpenSSL tool to convert a KEY private key file and a PEM or CRT CA certificate file to a PFX certificate file. For more information, visit OpenSSL. For example, you can copy your KEY private key file cert_name.key and PEM CA certificate file cert_name.pem to the installation directory of the OpenSSL tool. Then, run the following command to convert the files to the cert_name.jks certificate file:
```
openssl pkcs12 -export -out <cert_name>.pfx -inkey <cert_name>.key -in <cert_name>.pem
```
Convert a PFX certificate file to a PEM, KEY, or CRT certificate file
You can use the OpenSSL tool to convert a PFX certificate file to a KEY private key file and a PEM or CRT CA certificate file. For more information, visit OpenSSL. For example, you can copy your PFX certificate file cert_name.pfx to the installation directory of the OpenSSL tool. Then, run the following commands to convert the PFX certificate file to a CA certificate file cert_name.pem and a KEY private key file cert_name.key:
1. Run the openssl pkcs12 -in <cert_name>.pfx -nokeys -out <cert_name>.pem command.
2. Run the openssl pkcs12 -in <cert_name>.pfx -nocerts -out <cert_name>.key -nodes command.
Convert a CER certificate file to a PEM certificate file
You can use the OpenSSL tool to convert a CER certificate file to a PEM certificate file. For more information, visit OpenSSL. For example, you can copy your CER certificate file cert_name.cer to the installation directory of the OpenSSL tool. Then, run the following command to convert the CER certificate file to the cert_name.pem certificate file:
```
openssl x509  -in <cert_name>.cer -out <cert_name>.pem  -outform PEM
```
Convert a PEM certificate file to a CER certificate file
You can use the OpenSSL tool to convert a PEM certificate file to a CER certificate file. For more information, visit OpenSSL. For example, you can copy your PEM certificate file cert_name.pem to the installation directory of the OpenSSL tool. Then, run the following command to convert the PEM certificate file to the cert_name.cer certificate file:
```
openssl x509 -in <cert_name>.pem -out <cert_name>.cer  -outform DER
```