To accomplish the task in this article you need to convert the p7b file to crt files using the below command. The certificate will either be a .cer .crt or .pem file. My provider wants a certificate in .CRT … If the certificate extension from a commercial certificate authority (CA) is .cer, use the OpenSSL toolkit to convert SSL certificate extension from .cer to .crt. DER formatted certificates most often use the '.der' extension. You can do that with the following command. I received the certificate and it has the extension .CER. Convert x509 to PEM Convert your SSL certificate between PEM/PKCS#7/PKCS#12 formats online. Solution: Save the key text in a file with a .key extension. with Firefox it's easy to export the used SSL certificate of a page as x509 with all intermediate certificates as *.crt. They are Base64 encoded ASCII files. I have bought a certificate for my domain from ComodoSSL. DER formatted certificates do not contain the "BEGIN CERTIFICATE/END CERTIFICATE" statements. So here’s the abridged version: An X.509 certificate is a type of digital certificate that uses the PKI standard (X.509 v3) to validate that a server is the rightful owner of the associated public key. All certificate files must be valid PEM-encoded X509 certificates with the extension .crt. However, they differ in filename extensions – the significant difference. How to use SSL converter? Sometimes it may convert .cer into .crt generally with Apache servers. It’s crucial because many servers require your SSL/TLS certificate to be in a specific file format, and they can be either from these different file extensions. The below commands will not work in the usual WIndows Certificate DER format. Extensions used for PEM certificates are cer, crt, and pem. OpenSSL: Convert CER to PEM. To transform one type of encoded certificate to another — such as converting CRT to PEM, CER to PEM, and DER to PEM — you’ll want to use the following commands: OpenSSL: Convert CRT to PEM: Type the following code into your OpenSSL client: openssl x509 -in cert.crt -out cert.pem. Generally, CER and CRT are related to SSL/TLS certificate, so there’s not much difference between the two, and both are to the same SSL/TLS certificate. Certificate providers give you a p7b file and a PEM file. These certificate formats are required for different platforms and devices. For example, Windows servers require a .pfx file and the Apache server require PEM (.crt, .cer) files. By just looking at the command you can understand that it is telling OpenSSL to convert your .cer formatted certificate into .crt format. To use SSL converter, just select the certificate file and its type (type is automatically determined based on the file extension). $ openssl x509 –inform DER –in ssl_certificate.cer –out ssl_certificate.crt. So a .pem, while it can also have other things like a csr (Certificate signing request), a private key, a public key, or other certs, when it is storing just a cert, is the same thing as a .crt. I'm in the need to do the same by converting *.pem files to *.crt as a non-binary format using openssl. The DER format is the binary form of the certificate. To covert the binary CER file, copy the CER file to the CloudBolt server and run the following command: $ openssl x509 -inform DER -in ssl_certificate.cer -out ssl_certificate.crt When you see extensions like:.der.pem.crt.cer.pkcs7.p7b.pkcs8.pkcs12.pfx.p12; Those refer to how the certificate is encoded and presented. A .crt stores the certificate.. in pem format. The PEM file is where the private key is. It's just base64 text in the file.What Apache expects a .CRT to be a X.509 certificate in base64 encoded format.