Recipe 4.10 Converting SSL Certificates from DER to PEM

4.10.1 Problem

You have an SSL certificate in binary format, and you want to convert it to text-based PEM format.

4.10.2 Solution

$ openssl x509 -inform der -in filename -out filename.pem

4.10.3 Discussion

It may happen that you obtain a CA certificate in a different format. If it appears to be a binary file (often with the filename extension .der or .crt), it is probably the raw DER-encoded form; test this with:

$ openssl x509 -inform der -text -in filename

DER stands for Distinguished Encoding Rules, an encoding for ASN.1 data structures; X.509 certificates are represented using the ASN.1 standard. The openssl command uses PEM encoding by default. You can convert a DER-encoded certificate to PEM format thus:

$ openssl x509 -inform der -in filename -out filename.pem

4.10.4 See Also


    Chapter 9. Testing and Monitoring