Knowledgebase: SSL
Convert the Format of SSL Certificate (using OpenSSL)
Posted by Valarie S. on 23 June 2021 09:44 AM

Sometimes, a certificate authority (CA) provides certificate in an unsupported format. Therefore, one needs to convert it into supported format. With the help of OpenSSL commands, you can easily do that.

The following series of OpenSSL commands allows you to convert SSL certificate in various formats on your own machine.

OpenSSL commands to convert PEM file

Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

Convert PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

You will be also prompted to specify the password for the PFX file. Make sure you remember the password, it will be used when you need to import the PFX to a new server.

OpenSSL commands to convert DER file

Convert DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem

OpenSSL commands to convert P7B file

Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Convert P7B to PFX
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

OpenSSL commands to convert PFX file

Convert PFX to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

You will be asked to specify the password that was used when creating the PFX file you are converting. The obtained PEM file will contain the certificate, chain certificates (optionally) and the private key.

OpenSSL commands to convert PKCS#7 file

1. To convert a certificate from PKCS#7 to PFX, the certificate should be first converted into PEM:
openssl pkcs7 -print_certs -in your_pkcs7_certificate.p7b -out your_pem_certificates.pem

2. After that, the certificate can be converted into PFX.
openssl pkcs12 -export -out your_pfx_certificate.pfx -inkey your_private.key -in your_pem_certificate.crt

(0 vote(s))
Not helpful

Comments (0)
Copyright © 1998 - 2021 Shinjiru International Inc. All Rights Reserved.