How to convert SSL certificate in Linux/CentOS?


To convert certificates from one format to different formats, one needs to have the OpenSSL Linux package installed. OpenSSL package is installed on  Airwave by default.


Use the below commands  to convert certificates and keys to different formats to make them compatible with specific types of servers or software.


Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt


The names of the certificates vary depending on how the user gets them from the Certificate Authority. The location where the certificate needs to be stored can be added in the command as well.

For example:

openssl x509 -inform der -in /tmp/certificate.cer -out /tmp/certificate.pem

In the command above /tmp is the location directory where the certificate is placed.


Install the converted certificates as required to verify that the conversion was successful

Version history
Revision #:
2 of 2
Last update:
‎03-18-2017 11:27 AM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: