SSL Certificate Converter

The SSL Certificate Converter is a free online tool that converts SSL/TLS certificates between PEM, DER, PKCS#7 (P7B), and PKCS#12 (PFX) formats. Upload your certificate file or paste PEM text — conversion happens instantly in memory for maximum security. Use it when migrating certificates between Apache, Nginx, IIS, Java, or other platforms.

Output Formats

  PEM (.pem, .crt, .cer): Apache, Nginx, Linux
  DER (.der, .cer): Java, Android
  PKCS#7 (.p7b, .p7c): Windows, Java Tomcat
  PFX/PKCS#12 (.pfx, .p12): Windows/IIS, Azure

How to Convert an SSL Certificate

  1. Upload Your Certificate

    Drag and drop your certificate file into the upload area, or click to browse. You can also paste PEM-encoded text directly. Supported formats: .pem, .crt, .cer, .der, .pfx, .p12, .p7b, .p7c.

  2. Select Output Format

    Choose your desired output format: PEM for Apache/Nginx, DER for Java/Android, P7B for Windows/Tomcat, or PFX for Windows IIS/Azure. Incompatible formats are disabled automatically.

  3. Provide Additional Files if Needed

    For PFX output, attach your private key file and set an export password. For PFX input, enter the decryption password. Optionally include a CA bundle for the complete certificate chain.

  4. Download the Result

    Click Convert to process your certificate. Binary formats download automatically. PEM output is displayed on screen so you can copy it directly.


Supported Certificate Formats

What is PEM format?

PEM is one of the most widely used certificate formats. PEM files typically have the extension .pem, .crt, .cer, or .key. They are Base64-encoded ASCII files whose contents sit between the lines "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". PEM format can store server certificates, intermediate certificates, and private keys. Certificates in PEM format are used by various servers, including Apache. In some cases the certificate and private key can be combined into a single file, but for most platforms the certificate and private key must be in separate files.

What is DER format?

DER is a binary form of a certificate. Files in this format can have the extension .der or .cer. Because .cer is also used for PEM files, the only way to tell the two apart is to open the file and look for the BEGIN/END lines, which a DER file does not have. Any type of certificate and private key can be represented in DER format. Typically, this format is used with the Java platform. With SSL Converter you can convert SSL certificates to and from DER format.

What is PKCS#7 / P7B format?

The PKCS#7 or P7B format is a Base64 ASCII file with the extension .p7b or .p7c. P7B files contain the lines "-----BEGIN PKCS7-----" and "-----END PKCS7-----". They hold only certificates and certificate chains and do not include the private key. The P7B format is supported by platforms such as Microsoft Windows and Java Tomcat.

What is PKCS#12 / PFX format?

PKCS#12 or PFX is a binary format used to store intermediate certificates, server certificates, and private keys in a single file. PFX files use the .pfx and .p12 extensions. These files are commonly used on Windows machines to import and export private keys and certificates. After converting PFX to PEM you will need to open the resulting file in a text editor and save each certificate and the private key to its own text file, for example cert.cer, CA_Cert.cer and private.key. Copy each block together with its BEGIN and END lines.
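
The following Python is an added example, not code from this tool. It tells PEM from DER by content, decodes each PEM block back to its DER bytes, and splits a PFX-to-PEM style bundle into one file per block, creating private-key files readable only by their owner. The sample bytes, output file names and function names are constructed for illustration, and blocks are assumed to carry no header lines inside the BEGIN/END armor.

```python
import base64
import os
import re

# Matches one armored block; text between blocks (e.g. "Bag Attributes") is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def sniff(data: bytes) -> str:
    """Tell PEM from DER by content, since .cer is used for both."""
    if b"-----BEGIN " in data:
        return "PEM"
    # DER certificates, PKCS#7 and PKCS#12 all begin with an ASN.1 SEQUENCE (0x30).
    return "DER" if data[:1] == b"\x30" else "unknown"

def to_pem(label: str, der: bytes) -> str:
    """PEM is the DER bytes, Base64-encoded at 64 columns, between BEGIN/END lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"

def split_bundle(pem_text: str):
    """Return [(label, der_bytes)] for every block in a PEM bundle."""
    return [(m.group(1), base64.b64decode("".join(m.group(2).split()), validate=True))
            for m in PEM_BLOCK.finditer(pem_text)]

def write_blocks(blocks, outdir: str):
    """Write each block to its own file; private keys are created owner-only."""
    paths = []
    for i, (label, der) in enumerate(blocks):
        is_key = label.endswith("PRIVATE KEY")
        path = os.path.join(outdir, f"{'key' if is_key else 'cert'}-{i}.pem")
        # O_EXCL refuses to overwrite; the mode is set at creation, not afterwards.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL,
                     0o600 if is_key else 0o644)
        with os.fdopen(fd, "w") as fh:
            fh.write(to_pem(label, der))
        paths.append(path)
    return paths

# Constructed sample: tiny ASN.1 SEQUENCEs standing in for real DER, not real
# certificates or keys, laid out like the PEM text a PFX-to-PEM conversion produces.
LEAF_DER, CA_DER, KEY_DER = (bytes.fromhex(h) for h in
                             ("3003020101", "3003020102", "3003020103"))
BUNDLE = ("Bag Attributes\n" + to_pem("PRIVATE KEY", KEY_DER)
          + "Bag Attributes\n" + to_pem("CERTIFICATE", LEAF_DER)
          + to_pem("CERTIFICATE", CA_DER))

if __name__ == "__main__":
    for label, der in split_bundle(BUNDLE):
        print(label, len(der), "bytes of DER,", sniff(der))
```

Run against a real bundle, `split_bundle` keeps the blocks in file order, so the leaf certificate and CA certificates come out in the order the bundle listed them.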

Frequently Asked Questions

What SSL certificate formats does this tool support?

Our SSL Converter supports PEM, DER, PKCS#7/P7B, and PKCS#12/PFX formats. You can convert between any of these formats.

Is it safe to upload my SSL certificate and private key?

Yes. Your files are processed entirely in memory and are never stored on our servers. No data touches the disk — this provides maximum security for your certificates and private keys.

Do I need a private key to convert my certificate?

A private key is only required when converting to PKCS#12/PFX format. For other conversions, only the certificate file is needed.

How do I convert a PEM certificate to PFX format?

Upload your PEM certificate file (or paste the PEM text), select PFX/PKCS#12 as the output format, provide your private key file and set an export password, then click Convert. The tool will generate a .pfx file containing your certificate, private key, and optionally the CA bundle.

What is the difference between PEM and DER formats?

PEM is a Base64-encoded text format that you can open in any text editor — it starts with "-----BEGIN CERTIFICATE-----". DER is the binary equivalent of PEM. They contain the same data, just encoded differently. PEM is used by Apache and Nginx, while DER is common with Java and Android platforms.

How do I convert an SSL certificate for Windows IIS?

Windows IIS requires certificates in PFX/PKCS#12 format. Upload your PEM or DER certificate, select PFX as the output format, attach your private key file, set a password, and click Convert. Import the resulting .pfx file into IIS using the Server Certificates feature.

Can I convert a certificate without the private key?

Yes, for most conversions. You can freely convert between PEM, DER, and P7B formats without a private key. A private key is only required when creating a PFX/PKCS#12 file, as this format bundles the certificate and private key together.

What is a CA bundle and when do I need it?

A CA bundle (certificate chain) contains the intermediate certificates that link your SSL certificate to a trusted root authority. Include it when converting to PFX or P7B format to ensure the full chain is present. Without it, browsers may show trust warnings even if your certificate is valid.

Last updated: April 2026