All Products
Search
Document Center

:Convert HTTPS certificates in different formats to PEM format

Last Updated:Oct 14, 2021

Overview

The certificate file (*.pem) in the PEM format consists of the Base64-encoded binary content, the starting line (-----BEGIN CERTIFICATE-----), and the ending line (-----END CERTIFICATE-----). This topic describes how to convert HTTPS certificates in different formats to the PEM format.

Background information

Convert CER or CRT format certificates to PEM format

For certificates in CER or CRT format, you can directly modify the certificate file name extension to convert them into PEM format. For example, you can rename the server.crt certificate file to server.pem.

Convert certificates in the PFX format to the PEM format

Certificates in PFX format generally appear in Windows Server servers. You can use the OpenSSL tool to convert them. Run the following two OpenSSL commands to convert a PFX format certificate into a PEM format certificate:

  • Command to extract only the private key file: openssl pkcs12 -in [$Cert_Name.pfx] -nocerts -out key.pem -nodes
    Note:
    • [$Cert_Name.pfx] is the PFX format certificate to be converted.
    • key.pem is the extracted private key file.

  • Command to extract only the public key file: openssl pkcs12 -in [$Cert_Name.pfx] -nokeys -out cert.pem
    Note :cert.pem is the extracted public key file.
  • Commands to extract public and private key merge files: openssl pkcs12 -in [$Cert_Name.pfx] -nodes -out all.pem

Convert certificates in the P7B format to the PEM format

P7B certificates are generally available in Windows servers and Tomcat servers. You can use the OpenSSL tool to convert certificates. Follow these steps to convert a P7B format certificate to a PEM format certificate.

  1. Run the following command to convert the P7B format certificate file into a CER file:
    openssl pkcs7 -print_certs -in [$Incertificat.p7b] -out [$Outcertificate.cer]
    Note:
    • [$Incertificat.p7b] is the P7B format certificate to be converted.
    • [$Outcertificate.cer] is the converted PEM certificate.

  2. Only the certificate content that starts with "----- BEGIN CERTIFICATE -----" and ends with "----- END CERTIFICATE -----" in the CER file is retained as follows.
    -----BEGIN CERTIFICATE-----
    MIIE5zCCA8+gAwIBAgIQN+whYc2BgzAogau0dc3PtzANBgkqh......
    -----END CERTIFICATE-----

  3. Then change the extension of the CER file to .pem.

Convert certificates in the DER format to the PEM format

DER format certificates generally appear in the Java platform. You can use OpenSSL tools to convert them into PEM format. By executing the following two OpenSSL commands, the DER format certificate is converted to the PEM format.

  • Command to extract only the public key file: openssl x509 -inform der -in certificate.der -out certificate.pem
    Note :certificate.der is a certificate in the DER format and certificate.pem is a converted certificate in the PEM format. The specific documents are subject to the actual environment.
  • Command to extract only the private key file: openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem
    Note :privatekey.der is a DER certificate. privatekey.pem is a converted PEM certificate. The specific documents are subject to the actual environment.

References

For more information about certificate formats, see What are the mainstream digital certificate formats.

Applicable scope

  • Anti-DDoS Pro and Anti-DDoS Premium
  • SSL Certificates Service