Various servers and control panels may necessitate SSL certificates in distinct file formats. To convert certificates from one format to another, you can utilize the OpenSSL package, commonly accessible on Linux machines.
The certificates we issue are typically in x.509 format, which is a version of the ASN.1 file encoding standard. In this article, we will discuss file formats that vary based on encoding rules.
Overall, the following certificate file formats can be distinguished:
PEM
PEM is a base64 encoded certificate placed between the headers —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–. It is the most widespread certificate format, which is mostly used by Linux-based servers, like Apache, Nginx, and by the majority of webhosting control panels (cPanel, Plesk, DirectAdmin, WebMin, etc.). PEM certificates may have the following file extensions: *.pem, *.crt, *.cer. Comodo CA (now Sectigo CA) sends out their certificates in PEM, if any server type except ‘Microsoft Internet Information Server’ (Microsoft IIS) is chosen during the certificate activation.
FURTHER READING: |
| 1. SSL Certificate Installation in Plesk 12 |
| 2. How to Install SSL Certificate on Mac OS X/Yosemite/El Capitan |
| 3. How to Install SSL Certificate through cPanel |
PKCS#7
PKCS#7 is another certificate with Base64 encoding that is used generally by Windows and Java-based Tomcat servers, and may contain domain end-entity certificate and CA chain certificates. If you open a PKCS#7 file in a text editor, you can see the encoded text between —–BEGIN PKCS7—– and —–END PKCS7—– tags. The most common extensions are: *.p7b, *.p7s, *.cer. The certificate in PKCS#7 format can be retrieved from Comodo CA (now Sectigo CA), if you choose ‘Microsoft Internet Information Server’ as a server type during the certificate activation.
PKCS#12/PFX
PKCS#12/PFX is a file in binary format that contains the certificate with a corresponding private key and is protected by a password. Optionally, the file can include the CA chain certificates as well. Usually, PFX certificates are used on Windows machines, and are essential for transferring the certificate from one Windows server to another. The file extensions are: *.p12 and *.pfx.
To convert the certificates into different formats, you can use the following commands:
From PEM to PKCS#7:
openssl crl2pkcs7 -nocrl -certfile your_pem_certificate.crt -out your_pkcs7_certificate.p7b -certfile CA-bundle.crt
From PKCS#7 to PEM:
openssl pkcs7 -print_certs -in your_pkcs7_certificate.p7b -out your_pem_certificates.pem
Note: If PKCS#7 file included the chain certificates, the newly generated .pem file would include them as well, separately.
From PEM to PFX:
openssl pkcs12 -export -out your_pfx_certificate.pfx -inkey your_private.key -in your_pem_certificate.crt -certfile CA-bundle.crt
You will be also prompted to specify the password for the PFX file. Make sure you remember the password, it will be used when you need to import the PFX to a new server.
From PFX to PEM:
openssl pkcs12 -in your_pfx_certificate.pfx -out your_pem_certificates_and_key.pem -nodes
You will be asked to specify the password that was used when creating the PFX file you are converting. The obtained PEM file will contain the certificate, chain certificates (optionally) and the private key.
Leverage 1Byte’s strong cloud computing expertise to boost your business in a big way
1Byte provides complete domain registration services that include dedicated support staff, educated customer care, reasonable costs, as well as a domain price search tool.
Elevate your online security with 1Byte's SSL Service. Unparalleled protection, seamless integration, and peace of mind for your digital journey.
No matter the cloud server package you pick, you can rely on 1Byte for dependability, privacy, security, and a stress-free experience that is essential for successful businesses.
Choosing us as your shared hosting provider allows you to get excellent value for your money while enjoying the same level of quality and functionality as more expensive options.
Through highly flexible programs, 1Byte's cutting-edge cloud hosting gives great solutions to small and medium-sized businesses faster, more securely, and at reduced costs.
Stay ahead of the competition with 1Byte's innovative WordPress hosting services. Our feature-rich plans and unmatched reliability ensure your website stands out and delivers an unforgettable user experience.
As an official AWS Partner, one of our primary responsibilities is to assist businesses in modernizing their operations and make the most of their journeys to the cloud with AWS.
From PKCS#7 to PFX:
To convert a certificate from PKCS#7 to PFX, the certificate should be first converted into PEM:
openssl pkcs7 -print_certs -in your_pkcs7_certificate.p7b -out your_pem_certificates.pem
After that, the certificate can be converted into PFX.
openssl pkcs12 -export -out your_pfx_certificate.pfx -inkey your_private.key -in your_pem_certificate.crt
Alternatively, the certificates can be converted using this SSL Converter tool.