SSL Convert

Our SSL Converter allows you to quickly and easily convert SSL Certificates into 6 formats such as PEM, DER, PKCS#7, P7B, PKCS#12 and PFX. Depending on the server configuration (Windows, Apache, Java), it may be necessary to convert your SSL certificates from one format to another.

Microsoft Windows servers use .pfx files
Apache servers use .crt, .cer

If one of your certificates is not in the correct format, please use our SSL converter:

How to use the SSL converter, just select your certificate file and its current format type or drag the file extension so that the converter detects the certificate type, then select the certificate type you want to convert it to and click on Convert Certificate. For certificates with private keys select the file in the dedicated field and type your password if necessary. For more information about the different types of SSL certificates and how you can convert certificates on your computer using OpenSSL, you will find all the necessary information below.

Certificate conversion

The different SSL certificate formats

PEM Format

The PEM format is the most common format among SSL certificates issued by certification authorities. This type of certificate contains the following lines : "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". Certificates with the .pem extension are identical to the .crt or .cer extensions.
It is thus possible for you to modify the extension of these files. PEM certificates can contain both the certificate and the private key in the same file. However, most servers like Apache want you to separate them into separate files.

PEM certificates have the .pem, .crt, .cer and .key extensions
They are encoded in ASCII Base64 format
They are generally used for Apache servers or similar configurations

DER Format

The DER format is simply a binary form of a certificate at the expense of the ASCII PEM format. There are often two forms of extension in .cer and .der The only way to determine the difference between a DER .cer file and a PEM .cer file is to open it in a text editor and check for the BEGIN/END text
Both types of certificates and private keys can be encoded in DER format. DER is usually used with Java platforms. If you need to convert a private key to DER format, you can use the OpenSSL commands on this site

PKCS#7 and P7B Format

The PKCS#7 or P7B format is encoded in ASCII Base64 format. This type of certificate contains the following lines: "-----BEGIN PKCS7-----" et "-----END PKCS7-----". The particularity of the p7B file is that it only contains certificates and string certificates and not the private key.

They have the .p7b and .p7c extensions
They are generally used for Microsoft windows and Java Tomcat servers

PKCS#12 and PFX Format

The PKCS#12 or PFX format is encoded in binary format. This type of certificate stores the server certificate as well as the intermediate certificates and the private key in a single encrypted file.

PFX files usually come with extensions such as .pfx, .p12 or .pkcs#12. You can rename the extension of .pfx files to .p12 and vice versa. PFX formats are typically used on Windows servers to import and export certificates and private keys.

When converting a PFX file to a PEM file, all certificates and the private key are integrated into a single file. It will be necessary to separate the different parts of the file into separate files. To do this, here is the method:"

To do this, it is necessary to open the file in a text editor and copy each certificate and private key (including the BEGIN/END statements) into an individual text file and save them as certificate.cer, CACert.cer and privateKey.key respectively.

Find the cheapest SSL certificates on the web

Advice and technical support in English included

Sectigo PositiveSSL

Protects One domain

Buy a

Certificate

$ 6 / year

Order now

RapidSSL Wildcard (*.domaine.com)

Protects One domain

Buy a

Certificate

$ 70 / year

Order now

EssentialSSL Wildcard (*.domaine.com)

Protects all subdomains

Buy a

Certificate

$ 90 / year

Order now

How to choose my SSL certificate? Code Signing Certificates Email Signing Certificates Document Signing Certificates Test my certificate Need help purchasing your certificate? See all SSL certificates

OpenSSL commands for your conversion

It is recommended to convert your files directly using OpenSSL commands to keep your private key secret. To do this, please use the following commands to convert your files into different formats. If this has been impossible for you, rest assured, our SSL converter ensures you complete protection of your data, which is never stored.

Convert PEM

PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

PEM to P7B

openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Convert DER

DER(.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

DER to CER

openssl x509 -inform der -in certificat-ssl.der -out certificat-ssl.cer

Convert P7B

P7B to PEM

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

P7B to PFX

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

P7B to CER

openssl pkcs7 -print_certs -in certificat-ssl.p7b -out certificat-ssl.cer

Convert PFX

PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Convert CER

CER to P7B

openssl crl2pkcs7 -nocrl -certfile certificat-ssl.cer -certfile cert-intermediaire.cer -certfile cert-racine.cer -out certificat-ssl.p7b

CER to PFX

openssl pkcs12 -in certificat-ssl.cer -certfile cert-intermediaire.cer -certfile cert-racine.cer -inkey cle-privee.key -export -out certificat-ssl.pfx

CER to DER

openssl x509 -in certificat-ssl.cer -outform der -out certificat-ssl.der