OpenSSL is used for many things other than running encryption on a website. It is also used to generate CSR keypairs and, more importantly for this article, to convert certificates between formats.
The italic parts in the conversions below are example names standing in for your own files or naming conventions; adapt them to your own file names when running the openssl commands.
Note: .pem, .cer and .crt are all the same type of X.509/PEM certificate, only with different file extensions.
Obtain OpenSSL:
Note: To install OpenSSL successfully on a computer system, you must have local system administrator privileges on that computer.
Use the following OpenSSL commands to convert SSL certificates to different formats on your own machine.
OpenSSL Commands:
OpenSSL Convert PEM
Convert PEM to DER:
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PEM to P7B:
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
Convert PEM & Private Key to PFX/P12:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
OpenSSL Convert DER
Convert DER to PEM:
openssl x509 -inform der -in certificate.der -out certificate.pem
OpenSSL Convert P7B
Convert P7B to PEM:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Convert P7B to PFX:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
OpenSSL Convert PFX
Convert PFX to PEM and Private Key:
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
Remove Private Key password:
openssl rsa -in file.key -out file2.key
Enter the passphrase; [file2.key] is now the unprotected private key.
The output file [file2.key] should be unencrypted. To verify this, open the file in a text editor (such as MS Notepad) and view the headers.
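The header check above, and the point that the file extension does not tell you what a file contains, can be scripted. The following is an added example, not part of the original article: the function names classify_file and key_is_unprotected are hypothetical, and the sample files are constructed with real PEM headers but placeholder bodies.

```shell
#!/bin/sh
# Added example: identify certificate/key files by content rather than extension.

# Print one label per PEM block in $1, or "der"/"unknown" for non-PEM input.
classify_file() {
    if grep -q '^-----BEGIN ' "$1"; then
        awk '
            /^-----BEGIN / {
                kind = $0
                sub(/^-----BEGIN /, "", kind); sub(/-----.*$/, "", kind)
                inblk = 1; next
            }
            # Traditional PEM keys mark encryption with a Proc-Type header.
            inblk && /^Proc-Type: 4,ENCRYPTED/ { kind = "ENCRYPTED " kind }
            /^-----END / { print kind; inblk = 0 }
        ' "$1"
    elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo "der"       # DER begins with an ASN.1 SEQUENCE tag (0x30)
    else
        echo "unknown"
    fi
}

# Succeed only if $1 holds a private key and no key block is encrypted.
key_is_unprotected() {
    kinds=$(classify_file "$1")
    echo "$kinds" | grep -q 'PRIVATE KEY$' || return 1
    ! echo "$kinds" | grep -q '^ENCRYPTED '
}

# Constructed samples: real headers, placeholder bodies (not real keys or certs).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
    'UExBQ0VIT0xERVI=' '-----END RSA PRIVATE KEY-----' > "$demo_dir/file.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'UExBQ0VIT0xERVI=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/file2.key"
# Shape of a "pkcs12 ... -nodes" output: certificate plus unencrypted key.
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'UExBQ0VIT0xERVI=' \
    '-----END CERTIFICATE-----' '-----BEGIN PRIVATE KEY-----' \
    'UExBQ0VIT0xERVI=' '-----END PRIVATE KEY-----' > "$demo_dir/certificate.cer"
printf '\060\202\001\012' > "$demo_dir/certificate.der"   # first byte 0x30

for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(classify_file "$f" | tr '\n' ',' | sed 's/,$//')"
done
```

A file that reports an unencrypted private key, such as file2.key or the -nodes output, holds the key in the clear and should be protected with file permissions accordingly.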
If you need to convert a Java keystore (.jks), for example to take an SSL certificate from a Tomcat system and move it to Apache or Windows, or vice versa, it is usually easier to generate a new CSR keypair on the respective system and have the certificate reissued. There is, however, a way to do it using a conversion application such as Portecle.