Anti-DDoS Pro and Anti-DDoS Premium require SSL/TLS certificates in PEM format. Convert your CER, CRT, PFX, P7B, or DER certificates to PEM using the methods below.
Quick reference
Supported conversion types and required tools:
| Source format | Tool required | Method |
|---|---|---|
| CER/CRT (PEM-encoded) | None | Rename the file extension to .pem |
| PFX (PKCS#12) | OpenSSL | Extract the certificate and private key with openssl pkcs12 |
| P7B (PKCS#7) | OpenSSL | Convert with openssl pkcs7, then clean up and rename |
| DER | OpenSSL | Convert with openssl x509 and openssl rsa |
Prerequisites
Ensure the following:
-
OpenSSL installed on your local machine
-
The certificate file you want to convert
-
The certificate file password (if applicable, for example PFX files)
PEM format overview
PEM stores certificate data as Base64-encoded text between header and footer lines:
-----BEGIN CERTIFICATE-----
Base64-encoded certificate data
-----END CERTIFICATE-----
PEM files typically use the .pem extension.
Convert CER or CRT certificates
CER and CRT files are typically PEM-encoded. If so, rename the extension to .pem.
For example, rename server.crt to server.pem.
.cer files are often DER-encoded (binary). If renaming fails, follow Convert DER certificates.Convert PFX (PKCS#12) certificates
PFX (PKCS#12) is a binary format that bundles the certificate and private key into one file. It is commonly used on Windows servers.
Extract the private key
openssl pkcs12 -in <cert-name>.pfx -nocerts -out key.pem -nodes
| Parameter | Description |
|---|---|
<cert-name>.pfx |
The PFX certificate file to convert |
key.pem |
The output private key file |
Extract the certificate
openssl pkcs12 -in <cert-name>.pfx -nokeys -out cert.pem
| Parameter | Description |
|---|---|
<cert-name>.pfx |
The PFX certificate file to convert |
cert.pem |
The output certificate file |
Extract both the certificate and private key
openssl pkcs12 -in <cert-name>.pfx -nodes -out all.pem
| Parameter | Description |
|---|---|
<cert-name>.pfx |
The PFX certificate file to convert |
all.pem |
A single file that contains both the certificate and private key |
Convert P7B (PKCS#7) certificates
P7B (PKCS#7) is a format used on Windows servers and Apache Tomcat. P7B files contain the certificate and certificate chain but not the private key.
-
Convert the P7B file to a CER file:
Parameter Description <cert-name>.p7bThe P7B certificate file to convert <cert-name>.cerThe output certificate file openssl pkcs7 -print_certs -in <cert-name>.p7b -out <cert-name>.cer -
Open the CER file in a text editor and keep only the content between the certificate markers:
-----BEGIN CERTIFICATE----- MIIE5zCCA8+gAwIBAgIQN+whYc2BgzAogau0dc3PtzANBgkqh...... -----END CERTIFICATE----- -
Save the file with a
.pemfile extension.
Convert DER certificates
DER is a binary-encoded certificate format commonly used on Java platforms.
Convert a DER-encoded certificate
openssl x509 -inform der -in certificate.der -out certificate.pem
| Parameter | Description |
|---|---|
certificate.der |
The DER-encoded certificate file |
certificate.pem |
The output PEM certificate file |
Convert a DER-encoded private key
openssl rsa -inform DER -outform PEM -in privatekey.der -out privatekey.pem
| Parameter | Description |
|---|---|
privatekey.der |
The DER-encoded private key file |
privatekey.pem |
The output PEM private key file |
References
Applicable products
-
Anti-DDoS Pro or Anti-DDoS Premium
-
SSL Certificates Service