PingOne

Converting PEM certificates to a different format

If needed, you can convert PEM certificates to a different format, such as PFX or PKCS#7.

Before you begin

You must have:

  • The original private key that was used for the certificate

  • A PEM (.pem, .crt, .cer) file

  • OpenSSL

About this task

Certificates are commonly issued as PFX files, with the extension .pfx or .p12. If you have a certificate in another format, you can convert it to PFX and import it to PingOne.

The PKCS#7 or P7B format is stored in Base64 ASCII format and has a file extension of .p7b or .p7c. A P7B file contains certificates but not the private key.

Steps

  1. Open a terminal window.

  2. Run the command for the conversion you want to perform:

    Choose from:

    • PEM to PFX:

      openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt
      Syntax Description

      openssl

      The command for executing OpenSSL.

      pkcs12

      The file utility for PKCS#12 files in OpenSSL.

      -export -out certificate.pfx

      Exports and saves the PFX file as certificate.pfx.

      -inkey privateKey.key

      Uses the private key file privateKey.key as the private key to combine with the certificate.

      -in certificate.crt

      Uses certificate.crt as the certificate to combine with the private key.

      -certfile more.crt

      (Optional) Use this option if you have more than one certificate you want to include in the PFX file.

    • PEM to PKCS#7:

      openssl crl2pkcs7 -nocrl -certfile certificate.crt -out certificate.p7b -outform DER
      Syntax Description

      openssl

      The command for executing OpenSSL.

      crl2pkcs7

      The file utility for PKCS#7 files in OpenSSL.

      -nocrl

      Specifies to not include a certificate revocation list (CRL) in the output file and to not read a CRL from the input file.

      -certfile certificate.crt

      Specifies a filename containing one or more certificates in PEM format. All certificates in the file are added to the PKCS#7 structure. You can use this option more than once to read certificates from multiple files.

      -out certificate.p7b

      Outputs the file as certificate.p7b.

      -outform DER

      Specifies the PKCS#7 structure output format. The distinguished encoding rules (DER) format is a DER-encoded CRL structure.