Various servers and control panels require SSL certificates in different file formats. You can convert between formats using the OpenSSL
package, commonly available on Linux and other systems.
PEM certificates are Base64 encoded and surrounded by the headers:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
This format is widely used by Linux-based servers such as Apache, Nginx, and web hosting control panels like cPanel, Plesk, and DirectAdmin. PEM certificates typically have the extensions: .pem
, .crt
, .cer
.
PKCS#7 files are also Base64 encoded and used primarily by Windows and Java-based servers. They contain certificates and chains but not private keys. A PKCS#7 file is enclosed with:
-----BEGIN PKCS7-----
-----END PKCS7-----
PKCS#12/PFX files are in binary format and can store both certificates and private keys, protected by a password. These files are typically used on Windows machines to transfer certificates between servers.
DER is a binary format, often used with Java platforms. The file may have the extension .der
or .cer
. To distinguish between PEM and DER, open the file in a text editor. If the file contains garbled content, it is in DER format.
Install Certificate
.Current User
and click Next.Place all certificates in the following store
and click Browse.Personal
and click OK.1. Open certmgr.msc (Windows + R). 2. Expand Personal -> Certificates. 3. Right-click your certificate -> All Tasks -> Export. 4. Select Base-64 encoded X.509 (.cer) and save the file. 5. Rename the extension to .pem if required.
If you're using OpenSSL, run the following command to convert a DER-formatted certificate to PEM:
openssl x509 -inform der -in certificate.der -out certificate.pem
SSL certificates come in various formats, typically following the X.509 standard. Common extensions include:
-----BEGIN CERTIFICATE-----
and -----END CERTIFICATE-----
tags.There is no technical difference between .cer
and .crt
file extensions. Both can be in PEM or DER format. However, the required extension may vary by server.
Different servers require different certificate formats:
.pfx
or .p12
formats..crt
or .cer
(PEM)..p7b
for Java-based servers.