Certificate File Formats and Conversion

Certificates exist in various formats: PEM, DER, PFX/P12, and P7B. Servers require specific formats, necessitating conversion between types. PEM format, identifiable by "-----BEGIN CERTIFICATE-----" headers, remains most common for Linux servers. Windows IIS prefers PFX format containing both certificates and private keys.

Convert between formats using OpenSSL:

# PEM to DER
openssl x509 -in certificate.pem -outform DER -out certificate.der

# PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile intermediate.crt

# PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

# Extract private key from PFX
openssl pkcs12 -in certificate.pfx -nocerts -out private.key -nodes

# View certificate information
openssl x509 -in certificate.crt -text -noout