Certificate Format Converter

Convert SSL/TLS certificates between PEM, DER, and PFX formats with optional passphrase protection.

  1. Home
  2. DevOps
  3. Certificate Format Converter

Paste PEM, DER (Base64), or upload a certificate file.

What Is a Certificate Format Converter?

A Certificate Format Converter is a tool that transforms SSL/TLS certificates and keys between different encoding formats. Certificates are used to establish secure encrypted connections (HTTPS) and verify the identity of websites, servers, and applications. Different platforms and software require certificates in different formats.

The three main certificate formats are:

  • PEM (Privacy Enhanced Mail) — The most common format, using Base64-encoded ASCII text with -----BEGIN CERTIFICATE----- headers and footers. Used by Apache, Nginx, cURL, OpenSSL, and most Unix/Linux systems. File extensions: .pem, .crt, .cer, .key.
  • DER (Distinguished Encoding Rules) — A binary format using raw ASN.1 encoding. Used by Java platforms, Windows, and some embedded systems. File extensions: .der, .cer.
  • PFX / PKCS#12 — An archive format that bundles the certificate, private key, and intermediate certificates into a single encrypted file. Used by Microsoft IIS, Windows, and for certificate import/export. File extensions: .pfx, .p12.

How to Use This Certificate Format Converter

  1. Paste or upload — Paste your certificate data into the text area, or click "Upload File" to select a .pem, .der, .crt, .pfx, or .key file. You can also click "Load PEM Sample" or "Load DER Sample" to try with sample data.
  2. Select output format — Choose PEM, DER, or PFX/PKCS#12 from the dropdown menu. For PFX output, an optional passphrase field will appear.
  3. Click Convert — The tool converts your certificate to the selected format. Certificate details will be displayed if a valid X.509 certificate is detected.
  4. Copy or download — Use the Copy button to copy the output to your clipboard, or click Download to save it as a file.

Frequently Asked Questions

What is the difference between PEM and DER?

PEM is a Base64-encoded text representation of a certificate, making it human-readable and easy to copy-paste. DER is a raw binary (ASN.1) format that is more compact. PEM files are essentially DER files wrapped in Base64 encoding with header/footer lines.

Why would I need to convert certificate formats?

Different servers and platforms require different formats. For example, Apache and Nginx use PEM format, Java key stores use DER, and Microsoft IIS uses PFX. Converting between formats is necessary when migrating between platforms or configuring different services.

Is my certificate data sent to a server?

No. All conversion is performed locally in your browser using JavaScript. Your certificate data never leaves your device. No data is uploaded or transmitted to any server.

What is PFX / PKCS#12 format?

PKCS#12 (PFX) is a binary format that stores the server certificate, any intermediate certificates, and the private key in a single encrypted file. It is commonly used on Windows servers and for certificate migration between systems. PFX files can be password-protected for security.