How to Change Format of Digital Certificates?

    How to Change Format of Digital Certificates?
    19 Jul 2021

    How to Change Format of Digital Certificates?

    /
    Posted By

    Read time: 4 minutes, 33 seconds

    There are many formats in which digital certificates can be downloaded or converted. Following are X.509 certificate encoding formats and extensions:

    Binary

    • DER: .der, .cer
    • PKCS#12: .p12, pfx

    Base64

    • PKCS#7: .p7c, .p7b
    • PEM: .crt, .ca-bundle, .pem

    However, different certificate forms have no advantages or disadvantages. It all depends on the certificate’s format requirements for the application that will be using it.

    PEM

    • A PEM (Privacy Enhanced Mail) file is a Base64-encoded certificate file used to verify a website’s security. It may contain a private key, a server certificate from a certificate authority (CA), or other trust chain certificates. PEM files are compatible with OpenSSL applications and are commonly imported from a Unix-based Apache Web server.
    • You can see the contents of a PEM file with the help of a text editor. The file has one or more headers that describe the information contained within it. A PEM file for a certificate includes the “—-BEGIN CERTIFICATE—-” and “—-END CERTIFICATE—-” statements.
    • A PEM file can have several certificates and private keys one after another.
    • Linux and Unix-based web servers typically use PEM files.
    • Commonly used extensions of PEM files are: .cer, .pem, .crt, .key

    DER (Distinguished Encoding Rules)

    • A DER (Distinguished Encoding Rules) file is a binary format certificate file. As DER files can end in either .der or .cer, you will need to read the file with a text editor to tell the difference between DER.cer and PEM.cer. There should be no BEGIN/END statements in a DER file, or the binary information will be distorted.
    • The DER format can be used to encode both digital certificates and private keys.
    • DER files are generally used with java platforms.
    • Commonly used extensions of DER files are: .cer and .der

    PKCS#7

    • PKCS#7 is a Base64-encoded certificate file. This format cannot be used to store private keys. Only digital certificates and Certificate Revocation List (CRL) can be stored in PKCS#7 file format.
    • A PKCS#7 file contains the “—-BEGIN PKCS7—-” and “—-END PKCS7—-” statements.
    • Commonly used extensions of PKCS#7 files are: .p7b and .p7c
    • Java Tomcat and Microsoft Windows platforms commonly use these files.

    PKCS#12

    • PKCS#12 is a single password-protected binary file format that stores the server certificate, intermediate certificate, and private key. It refers to a personal information exchange format.
    • Windows platforms commonly use these files to import and export certificates and private keys.
    • Commonly used extensions are: .p12, ,pfx

    Change Certificate Format By Changing The Extension

    You can convert the following file format into different formats by changing the extensions.

    PEM: you can change the PEM file format to the following formats by changing its extension:

    • .crt
    • .cer
    • .pem
    • .key

    For Example:
    Convert the .crt certificate file into .pem file.

    .crt to .pem-1

    1. Open the .crt certificate file in any text editor.

    2. Go to File.

    3. Click on Save As

    4. In Save as type “Select All Files.”

    .crt to .pem-3

    5. In the File name, enter the file name and the extension you want to convert (.cer, .key, .pem, .crt).

    .crt to .pem-4

    6. Click on Save.

    .crt to .pem-5

    DER: you can change the DER file format to the following formats by changing its extension:

    • .der
    • .cer

    For Example:
    Convert the .der certificate file into .cer file.

    .der to .cer-1

    1. Open the certificate in any text editor.

    .der to .cer-2

    2. Go to File.

    3. Click on Save As

    4. In Save as type “Select All Files.”

    .der to .cer-3

    5. In the File name, enter the file name and the extension you want to convert (.cer, .der).

    6. Click on Save.

    .der to .cer-5

    Change Certificate Format Using OpenSSL

    PEM

    • Convert PEM to DER: You can convert the PEM certificate file format to DER by using the command below:
      $ openssl x509 -outform der -in certificate.pem -out certificate.der
    pem to der
    • Convert PEM to P7B: You can convert the PEM certificate file format to P7B by using the command below:
      $ openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CAcert.cer
    • Note: -certfile CAcert.cer is optional, use this if having more than one PEM certificates and wants to include into P7B file.
    pem to p7b
    • Convert PEM to PFX: You can convert the PEM certificate file format to PFX by using the command below:
      $ openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CAcert.crt
    • Note: -certfile CAcert.cer is optional, use this if having more than one PEM certificates and wants to include into PFX file.
    pem to pfx

    DER

    • Convert DER (.crt, .cer, .der) to PEM: You can convert the DER certificate file format to PEM by using the command below:
      $ openssl x509 -inform der -in certificate.der -out certificate.pem
    der to pem

    P7B

    • Convert P7B to PEM: You can convert the P7B certificate file format to PEM by using the command below:
      $ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
    p7b to pem
    • Convert P7B to PFX: You can convert the P7B certificate file format to PFX by using the two commands below:
      $ openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
      $ openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CAcert.cer

    • Note: -certfile CAcert.cer is optional, use this if having more than one P7B certificates and wants to include into PFX file.
    p7b to pfx

    PFX

    • Convert PFX to PEM:You can convert the PFX certificate file format to PEM by using the command below:
      $ openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
    • Note: OpenSSL will combine all the Certificates and Private Keys into a single file when converting PFX to PEM format. You will need to open the file in Text Editor and copy each Certificate and Private key (including the BEGIN/END instructions) to its text file.
    pfx to pem

    Want to learn from PKI Experts

    We train some of the biggest names in the industry through virtual & Live Classes

    Get a Free Quote for your PKI services

    Free Downloads for PKI services