212

I have a .cer certificate and I would like to convert it to the .pem format.

If I remember correctly, I used to be able to convert them by exporting the .cer in Base64, then renaming the file to .pem .

How do I convert a .cer certificate to .pem?

Stevoisiak
  • 123
systempuntoout
  • 2,265

6 Answers6

339

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Source

Craig Watson
  • 9,790
HUB
  • 6,980
25

To convert a .cer file to .pem, open a terminal and run the following command:

openssl x509 -inform der -in certificate.cer -outform pem -out certificate.pem

Replace "certificate.cer" with the name of the source certificate file you want to convert, and "certificate.pem" with the name you want for the converted certificate.

djdomi
  • 2,287
Akhilesh
  • 351
21

Answer

  • If your certificate is exported with DER encoding, then use the accepted answer:

    openssl x509 -inform der -in certificate.cer -out certificate.pem

  • If your certificate is exported with Base-64 encoding, then rename the file's extension from .cer to .pem since the file is already in .pem format.

How to tell that your .cer file is in .pem format?

See this stack-o answer, quoted here:

A .pem format certificate file will most likely be ASCII-readable. It will have a line that starts with:
-----BEGIN CERTIFICATE-----
...followed by Base-64 encoded data, followed by a
-----END CERTIFICATE-----
at the end. There may be other lines before or after.

For example, a .pem certificate (shortened):

-----BEGIN CERTIFICATE-----
MIIG6DCCBNCgAwIBAgITMgAAGCeh8HZoCVDcnwAAAAAYJzANBgkqhkiG9w0BAQsF
ADBAMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxEzARBgoJkiaJk/IsZAEZFgNkb3Ix
EjAQBgNVBAMTCURPUi1TVUJDQTAeFw0yMDA1MDExNTI0MTJaFw0yMjA1MDExNTI0
MTJaMBYxFDASBgNVBAMTC3dwZG9yd2VibDE2MIIBIjANBgkqhkiG9w0BAQEFAAOC
...
-----END CERTIFICATE-----
Al Dass
  • 103
David
  • 464
17

When openssl is not available on your system you could alternatively convert certificates with the java keytool.

However you have to create a java keystore (JKS) first. The certificates can then be imported and exported in different formats.

keytool -genkey -alias test -keystore <key store file>
keytool -delete -alias test -keystore <key store file>

Converting from DER to PEM:

keytool -import -trustcacerts -alias test -file <der certificate file> -keystore test.keystore 
keytool -exportcert -alias test -file <pem certificate file> -rfc -keystore test.keystore

This blog post explains how to convert certificate formats in detail

Marcel Friedmann
  • 351
9

We mustn't forget that Windows can do this natively:

certutil.exe -encode <der file> <pem file>

and in the other direction:

certutil.exe -decode <pem file> <der file>

It works with certificates and PKCS#10 requests.

garethTheRed
  • 5,429
0

Just changing the file extension worked for me:

mv filename.cer filename.pem

Mohan
  • 101