Converting PEM certificates to a different format

If needed, you can convert PEM certificates to a different format, such as PFX or PKCS#7.

Before you begin

You must have:

The original private key that was used for the certificate
A PEM (.pem, .crt, .cer) file
OpenSSL

About this task

Certificates are commonly issued as PFX files, with the extension .pfx or .p12. If you have a certificate in another format, you can convert it to PFX and import it to PingOne.

The PKCS#7 or P7B format is stored in Base64 ASCII format and has a file extension of .p7b or .p7c. A P7B file contains certificates but not the private key.

Steps

Open a terminal window.

Run the command for the conversion you want to perform:

Choose from:

PEM to PFX:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt

Syntax Description

Syntax	Description
`openssl`	The command for executing OpenSSL.
`pkcs12`	The file utility for PKCS#12 files in OpenSSL.
`-export -out certificate.pfx`	Exports and saves the PFX file as `certificate.pfx.`
`-inkey privateKey.key`	Uses the private key file `privateKey.key` as the private key to combine with the certificate.
`-in certificate.crt`	Uses `certificate.crt` as the certificate to combine with the private key.
`-certfile more.crt`	(Optional) Use this option if you have more than one certificate you want to include in the PFX file.

openssl

The command for executing OpenSSL.

pkcs12

The file utility for PKCS#12 files in OpenSSL.

-export -out certificate.pfx

Exports and saves the PFX file as certificate.pfx.

-inkey privateKey.key

Uses the private key file privateKey.key as the private key to combine with the certificate.

-in certificate.crt

Uses certificate.crt as the certificate to combine with the private key.

-certfile more.crt

(Optional) Use this option if you have more than one certificate you want to include in the PFX file.

PEM to PKCS#7:

openssl crl2pkcs7 -nocrl -certfile certificate.crt -out certificate.p7b -outform DER

Syntax Description

Syntax	Description
`openssl`	The command for executing OpenSSL.
`crl2pkcs7`	The file utility for PKCS#7 files in OpenSSL.
`-nocrl`	Specifies to not include a certificate revocation list (CRL) in the output file and to not read a CRL from the input file.
`-certfile certificate.crt`	Specifies a filename containing one or more certificates in PEM format. All certificates in the file are added to the PKCS#7 structure. You can use this option more than once to read certificates from multiple files.
`-out certificate.p7b`	Outputs the file as `certificate.p7b`.
`-outform DER`	Specifies the PKCS#7 structure output format. The distinguished encoding rules (DER) format is a DER-encoded CRL structure.

openssl

The command for executing OpenSSL.

crl2pkcs7

The file utility for PKCS#7 files in OpenSSL.

-nocrl

Specifies to not include a certificate revocation list (CRL) in the output file and to not read a CRL from the input file.

-certfile certificate.crt

Specifies a filename containing one or more certificates in PEM format. All certificates in the file are added to the PKCS#7 structure. You can use this option more than once to read certificates from multiple files.

-out certificate.p7b

Outputs the file as certificate.p7b.

-outform DER

Specifies the PKCS#7 structure output format. The distinguished encoding rules (DER) format is a DER-encoded CRL structure.