SSL Certificate Conversion Guide

Introduction

SSL certificates are used to secure communications between clients and servers. However, different systems require certificates in specific formats. This guide will help you convert SSL certificates into different formats using OpenSSL and other methods. Here's a breakdown of the most commonly used certificate formats and their conversions.

Common Certificate Formats

Converting Certificates

The conversion of certificates between formats can be done using OpenSSL. Here's how you can convert between various formats:

Convert DER to PEM

openssl x509 -inform der -in certificate.der -out certificate.pem

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem -certfile CA.pem

Convert PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
Note: Ensure that your certificate and private key are properly linked before converting them into PFX format.

Windows Certificate Conversion (PEM)

Follow these steps to convert a certificate on a Windows machine:

  1. Right-click the certificate and select Install Certificate.
  2. Select Current User and click Next.
  3. Choose Place all certificates in the following store and click Browse.
  4. Select Personal and click OK.
  5. Complete the installation process by clicking Next and Finish.
  6. Open the certmgr.msc tool by pressing Win + R and typing certmgr.msc.
  7. Locate the certificate under PersonalCertificates, right-click it, and select All TasksExport.
  8. Choose Base-64 encoded X.509 (.cer) and save the file.
  9. Change the file extension from .cer to .pem.

Linux Certificate Conversion (PEM)

On Linux, you can use OpenSSL to handle conversions. Below are a few common conversion commands:

Install OpenSSL (if not already installed)

sudo apt install openssl

Convert DER to PEM

openssl x509 -inform der -in certificate.der -out certificate.pem

Convert PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem -certfile CA.pem

X.509 Certificate Extensions

Certificates are often identified by their extensions. Here's a list of common extensions and what they signify:

Additional Notes

When working with certificates, remember the following: