The SSL certificate is deployed on the server, and different servers may have different requirements for the format of the SSL certificate. Common SSL certificate formats are PKCS#8, DER, X509, PEM, CER/CRT, PFX, P7B, etc. How to convert these SSL certificate formats to appropriate formats? The reference method is as follows:
Note: need to use third-party tools (such as OpenSSL) for conversion
1) Convert X509 to PEM
openssl x509 -in certificatename.cer -outform PEM -out certificatename.pem
2) Convert PEM to DER
openssl x509 -outform der -in certificatename.pem -out certificatename.der
3) Convert DER to PEM
openssl x509-notify der-input certificatename.der -out certificate name.pem
4) Convert PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate name.pem -out certificate name.p7b -certfile CACert.cer
Note: PKCS#7 or P7B format is stored in Base64 ASCII format, and the file extension is .p7b or .p7c.
The P7B file contains only the certificate and chain certificate (intermediate CA), not the private key. The most common platforms that support P7B files are Microsoft Windows and Java Tomcat.
5) Convert PKCS7 to PEM
openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.pem
6) Convert pfx to PEM
openssl pkcs12 -in certificatename.pfx -out certificatename.pem
Note: PKCS#12 or PFX format is a binary format used to store the server certificate, intermediate certificate and private key in an encryptable file. PFX files usually have .pfx and .p12 extensions. PFX files are usually used on Windows computers to import and export certificates and private keys.
7) Convert PFX to PKCS#8
Note: Two commands are needed here to complete
Step 1: Convert PFX to PEM
openssl pkcs12 -in certificatename.pfx -nocerts -nodes -out certificatename.pem
Step 2: Convert PEM to PKCS8
openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8
8) Convert P7B to PFX
Note: Two commands are needed here to complete
Step 1: Convert P7B to CER
openssl pkcs7 -print_certs -in certificate name.p7b -out certificate name.cer
Step 2: Convert CER and private key to PFX
openssl pkcs12-导出-in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer
The above is the conversion method of the SSL certificate format . You can perform related conversions according to your needs.