Security Operations

How to Seamlessly Change the Format of Digital Certificates?

Read time: 5 minutes

There are many formats in which digital certificates can be downloaded or converted. Following are X.509 certificate encoding formats and extensions:

Binary

  • DER: .der, .cer
  • PKCS#12: .p12, pfx

Base64

  • PKCS#7: .p7c, .p7b
  • PEM: .crt, .ca-bundle, .pem

However, different certificate forms have no advantages or disadvantages. It all depends on the certificate’s format requirements for the application that will be using it.

PEM

  • A PEM (Privacy Enhanced Mail) file is a Base64-encoded certificate file used to verify a website’s security. It may contain a private key, a server certificate from a certificate authority (CA), or other trust chain certificates. PEM files are compatible with OpenSSL applications and are commonly imported from a Unix-based Apache Web server.
  • You can see the contents of a PEM file with the help of a text editor. The file has one or more headers that describe the information contained within it. A PEM file for a certificate includes the “—-BEGIN CERTIFICATE—-” and “—-END CERTIFICATE—-” statements.
  • A PEM file can have several certificates and private keys one after another.
  • Linux and Unix-based web servers typically use PEM files.
  • Commonly used extensions of PEM files are: .cer, .pem, .crt, .key

DER (Distinguished Encoding Rules)

  • A DER (Distinguished Encoding Rules) file is a binary format certificate file. As DER files can end in either .der or .cer, you will need to read the file with a text editor to tell the difference between DER.cer and PEM.cer. There should be no BEGIN/END statements in a DER file, or the binary information will be distorted.
  • The DER format can be used to encode both digital certificates and private keys.
  • DER files are generally used with java platforms.
  • Commonly used extensions of DER files are: .cer and .der

PKCS#7

  • PKCS#7 is a Base64-encoded certificate file. This format cannot be used to store private keys. Only digital certificates and Certificate Revocation List (CRL) can be stored in PKCS#7 file format.
  • A PKCS#7 file contains the “—-BEGIN PKCS7—-” and “—-END PKCS7—-” statements.
  • Commonly used extensions of PKCS#7 files are: .p7b and .p7c
  • Java Tomcat and Microsoft Windows platforms commonly use these files.

PKCS#12

  • PKCS#12 is a single password-protected binary file format that stores the server certificate, intermediate certificate, and private key. It refers to a personal information exchange format.
  • Windows platforms commonly use these files to import and export certificates and private keys.
  • Commonly used extensions are: .p12, ,pfx

Change Certificate Format By Changing The Extension

You can convert the following file format into different formats by changing the extensions.

PEM

You can change the PEM file format to the following formats by changing its extension:

  • .crt
  • .cer
  • .pem
  • .key

For Example: Convert the .crt certificate file into .pem file.

  1. Open the .crt certificate file in any text editor.

    Convert the .crt certificate
  2. Go to File.

  3. Click on Save As

  4. In Save as type “Select All Files.”

    Want to convert (.cer, .key, .pem, .crt).
  5. In the File name, enter the file name and the extension you want to convert (.cer, .key, .pem, .crt).

    .crt certificate file into .pem file
  6. click on Save.

DEM

You can change the DER file format to the following formats by changing its extension:

  • .der
  • .cer

For Example: Convert the .der certificate file into .cer file.

  1. Open the certificate in any text editor.

    Change the DER file format
  2. Go to File.

  3. Click on Save As

  4. In Save as type “Select All Files.”

    change the DER file format
  5. In the File name, enter the file name and the extension you want to convert (.cer, .der).

    extension you want to convert (.cer, .der).
  6. Click on Save As

    Cert file format change

Change Certificate Format Using OpenSSL

PEM

  • Convert PEM to DER: 

    You can convert the PEM certificate file format to DER by using the command below:

    $ openssl x509 -outform der -in certificate.pem -out certificate.der

    PEM certificate file format to DER
  • Convert PEM to P7B

    You can convert the PEM certificate file format to P7B by using the command below:

    $ openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CAcert.cer

  • Note: -certfile CAcert.cer is optional, use this if having more than one PEM certificates and wants to include into P7B file.

    PEM certificate file format to P7B
  • Convert PEM to PFX

    You can convert the PEM certificate file format to PFX by using the command below:

    $ openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CAcert.crt

    Note: -certfile CAcert.cer is optional, use this if having more than one PEM certificates and wants to include into PFX file.

    PEM certificate file format to PFX

DER

  • Convert DER (.crt, .cer, .der) to PEM:

    You can convert the DER certificate file format to PEM by using the command below:

    $ openssl x509 -inform der -in certificate.der -out certificate.pem

    Convert DER (.crt, .cer, .der) to PEM

P7B

  • Convert P7B to PEM

    You can convert the P7B certificate file format to PEM by using the command below:

    $ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
    Convert the P7B certificate file format to PEM
  • Convert P7B to PFX

    You can convert the P7B certificate file format to PFX by using the two commands below:

    $ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer $ openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CAcert.cer
  • Note: -certfile CAcert.cer is optional, use this if having more than one P7B certificates and wants to include into PFX file.

    Convert P7B to PFX

PFX

  • Convert PFX to PEM

    You can convert the PFX certificate file format to PEM by using the command below:

    $ openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

    Note: OpenSSL will combine all the Certificates and Private Keys into a single file when converting PFX to PEM format. You will need to open the file in Text Editor and copy each

    Certificate and Private key (including the BEGIN/END instructions) to its text file.

    convert the PFX certificate file format to PEM

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download
Encryption Services

About the Author

Shorya Goel is a Consultant at Encryption Consulting, working with PKIs, HSMs, and working as a consultant with high-profile clients.

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo