Certificate Format Converter
Base64 ASCII · .pem
Binary ASN.1 · .der
Please Note: Encryption Consulting LLC does not possess, store, or retain any data entered into this converter. All inputs, including certificate files and private keys, are processed locally in your browser and are not saved.
Frequently Asked Questions
Everything you need to know about converting certificate formats.
How do I convert a certificate using EC's Certificate Format Converter tool?
Using the Certificate Format Converter is straightforward. Follow these three steps:
1. Upload a .pem, .crt, .cer, .der, .pfx, or .p7b file. The tool auto-detects the format and shows the certificate details.
2. Use the TO dropdown to select the format you want to convert to: PEM, CRT, DER, CER, PKCS#7, or PKCS#12.
3. Click Convert. The converted file is processed entirely in your browser and saved to your device.
To generate a certificate signing request before conversion, you can use our CSR Generator Tool.
What are the key differences between PEM, DER, CRT, CER, PKCS7, and PKCS12 certificate formats?
Certificate formats differ in encoding, structure, and what they can contain:
PEM is a Base64-encoded certificate format stored as a text file. Commonly used on Linux, Apache, and NGINX. Extensions include .pem, .crt, .cer, or .key.
DER is the binary-encoded version of a certificate and is not human-readable. Used by Windows environments, Java, and network devices. Extensions: .der or .cer.
CRT/CER are extensions rather than unique formats — a file may be either PEM or DER encoded. Commonly used for SSL/TLS certificates on Linux and web servers.
PKCS#7 stores one or more certificates and certificate chains without private keys. Used for certificate distribution. Extensions: .p7b or .p7c.
PKCS#12 bundles certificates, private keys, and chains into a single password-protected file. Common extensions: .pfx and .p12.
What are the real-world use cases that require certificate format conversion?
Certificate format conversion is required across a wide range of infrastructure, development, and security workflows:
Linux-based servers like Apache and Nginx require PEM format, while IIS expects PKCS12.
Azure Key Vault and AWS ACM require PKCS12 when bundling certificates with private keys. Kubernetes TLS Secrets and HAProxy demand PEM.
Android and Java keystores require DER; iOS signing uses PKCS12 to bundle the certificate and private key.
Group Policy distribution requires DER .cer files; ADCS renewal requires PKCS7 (.p7b).
HSMs store DER; Windows code signing uses PKCS12; OpenSSL inspection requires PEM or DER.
Which formats support private keys?
Private keys can be stored in PEM and PKCS#12 (PFX/P12) formats. PKCS#12 is designed to securely bundle certificates, private keys, and chains in a single password-protected file.
DER, CRT, CER, and PKCS#7 contain certificates and certificate chains only and do not store private keys.
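The format differences and the private-key rule above, shown as content-based detection plus a PEM/DER round trip. This is an added Python example, not Encryption Consulting's code. The byte strings are constructed stubs rather than real certificates or keys, and the binary classification is a heuristic that inspects only the first element inside the outer ASN.1 SEQUENCE.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# DER encoding of the PKCS#7 signedData OID 1.2.840.113549.1.7.2
PKCS7_OID = bytes.fromhex("06092a864886f70d010702")

def pem_to_der(pem):
    """Return a (label, DER bytes) pair for every PEM block in the input."""
    return [(m.group(1).decode(), base64.b64decode(m.group(2)))
            for m in PEM_BLOCK.finditer(pem)]

def der_to_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes in PEM armor using 64-character Base64 lines."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    tag = label.encode()
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (tag, body, tag)

def _inner(der):
    """Skip the outer SEQUENCE header (short or long length form)."""
    if len(der) < 2 or der[0] != 0x30:
        return b""
    return der[2:] if der[1] < 0x80 else der[2 + (der[1] & 0x7F):]

def sniff(data):
    """Classify by content; a .crt or .cer extension says nothing about encoding."""
    blocks = pem_to_der(data)
    if blocks:
        labels = [label for label, _ in blocks]
        return {"encoding": "PEM", "contains": labels,
                "private_key": any("PRIVATE KEY" in l for l in labels)}
    inner = _inner(data)
    if inner.startswith(b"\x02\x01\x03"):      # PFX version INTEGER 3
        kind = "PKCS#12"
    elif inner.startswith(PKCS7_OID):          # ContentInfo contentType
        kind = "PKCS#7"
    elif inner[:1] == b"\x30":                 # nested SEQUENCE (tbsCertificate)
        kind = "X.509 certificate"
    else:
        kind = "unknown"
    return {"encoding": "DER" if kind != "unknown" else "unknown",
            "contains": [kind], "private_key": kind == "PKCS#12"}

# Constructed stubs with the right leading bytes; not real certificates or keys.
STUB_CERT = bytes.fromhex("3003300100")
STUB_P12 = bytes.fromhex("3003020103")
STUB_P7 = bytes.fromhex("300b") + PKCS7_OID
STUB_BUNDLE = der_to_pem(STUB_CERT) + der_to_pem(bytes.fromhex("3003020100"), "PRIVATE KEY")
```

Running sniff() on a file before sharing or uploading it shows whether it carries private key material, whatever its extension says.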
