Convert Certificates KB ID 0001847
Problem
This post was written because of a follow-up question in this article. How do you go about converting certificates? Sometimes you get a certificate issued or sent to you that is in a format you cannot import, so you need to convert it. Regardless of whether you are a Mac/Linux user or a Windows user, the tool that I find best to use is OpenSSL.
OpenSSL is built into macOS. To use OpenSSL on Windows you need to download, install, then run openssl.exe (usually from the command line, but you can also run it from PowerShell). Note: See the comment below if you intend to use PowerShell.
Linux Note: The command to install OpenSSL differs between flavours of Linux, e.g. sudo apt-get install openssl should work in most cases.
Windows Note: Remember to change to the directory in which OpenSSL.exe resides before executing the following command(s). See the Windows Examples for clarification.
Solution : Convert Certificates
The most common forms of issued X.509 certificates have a .crt or a .cer extension. CRT is based on DER (Distinguished Encoding Rules), and the other (CER) is based on PEM (Privacy Enhanced Mail). OpenSSL can convert from one to the other. Note: Below I’ve shown the process on my Mac and a Windows PC to illustrate that the process is the same.
Convert Certificates CRT to CER
Use the following Syntax to convert from CRT to CER format. (Change the values in Red to match your source and destination certificate locations).
[box]
openssl x509 -inform PEM -outform DER -in /Users/petelong/CERTS/Source-Certificate.crt -out /Users/petelong/CERTS/Output-Certificate.cer
[/box]
Convert Certificates CER to CRT
Use the following Syntax to convert from CER to CRT format. (Change the values in Red to match your source and destination certificate locations).
[box]
openssl x509 -inform DER -outform PEM -in /Users/petelong/CERTS/Source-Certificate.cer -out /Users/petelong/CERTS/Output-Certificate.crt
[/box]
Convert Certificates CRT to PEM
Disclaimer: This is a bit of a misnomer, because .crt certificates are already in PEM format. You can simply open a .crt file and view it as a PEM file. Use the following Syntax to view a CRT in PEM format. (Change the values in Red to match your source and destination certificate locations).
[box]
Linux / macOS
cat /Users/petelong/CERTS/My-Certificate.crt
Windows
type C:/Certs/My-Certificate.crt
[/box]
Then copy the ‘text’ as shown in the examples above. DO NOT include any additional spaces (as shown above). You now have a PEM file: you can paste this into a text editor and save it with a .pem extension if you need to ‘send’ it somewhere.
Can I simply rename .crt to .pem? (YES YOU CAN)
Convert Certificates CER to PEM
This is slightly more complicated, as .cer files are in DER format; if you try to open one with a text editor you will simply see gobbledegook. So you need to convert it into PEM format with the following syntax.
[box]
openssl x509 -inform DER -outform PEM -in /Users/petelong/CERTS/My-Certificate.cer -out /Users/petelong/CERTS/PEM-Certificate.pem
[/box]
Once that’s done (as above) you can simply open the .pem file in a text editor or cat (mac/Linux) or type (Windows) the content.
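A file extension does not guarantee the encoding inside, so it is worth checking the content before choosing -inform. The following is an added example, not part of the original article and not OpenSSL code: a Python standard-library sketch that classifies a file as PEM or DER by content and converts between the two, tolerating the stray spaces that creep in when PEM text is copied and pasted. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import re

# Hypothetical helper names; not part of OpenSSL or the original article.
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def looks_like_der(data: bytes) -> bool:
    """A DER certificate is one ASN.1 SEQUENCE (tag 0x30) spanning the whole file."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:                        # short form: one length byte
        return len(data) == 2 + data[1]
    n = data[1] & 0x7F                        # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def detect_encoding(data: bytes) -> str:
    """Classify by content, never by the .crt/.cer/.pem extension."""
    if PEM_RE.search(data):
        return "PEM"
    return "DER" if looks_like_der(data) else "unknown"

def to_der(data: bytes) -> bytes:
    """Return the raw DER bytes that sit inside the PEM armor."""
    kind = detect_encoding(data)
    if kind == "DER":
        return data
    if kind != "PEM":
        raise ValueError("not a PEM or DER certificate")
    # Pasted PEM often picks up indentation or blank lines; drop all whitespace.
    body = b"".join(PEM_RE.search(data).group(1).split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("PEM body is not valid base64") from exc
    if not looks_like_der(der):
        raise ValueError("PEM body does not decode to a DER structure")
    return der

def to_pem(data: bytes) -> bytes:
    """Wrap DER as PEM: base64 in 64-column lines between the armor lines."""
    b64 = base64.b64encode(to_der(data))
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"\n-----END CERTIFICATE-----\n"
# Constructed sample: a DER-shaped placeholder, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
```

This only checks the outer container; openssl x509 still parses the certificate itself when it performs the conversion.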
Converting Certificates (PowerShell)
Be Aware: When calling OpenSSL from a PowerShell command, you need to prefix the command with a ‘dot slash’; see the examples below for clarification.