Please select a Sub-Content Category.
OpenSSL Convert PEM
Convert PEM to DER
openssl x509 -outform der -in certificate.pem -out certificate.der
Convert PEM to P7B
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
Convert PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
OpenSSL Convert DER
Convert DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
OpenSSL Convert P7B
Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Convert P7B to PFX
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
OpenSSL Convert PFX
Convert PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
Convert PFX to PEM as Individual Files
Extract the Private key (Will still be encrypted):
openssl pkcs12 -in [yourfile.pfx] -nocerts -out [keyfile-encrypted.key]
Extract the certificates:
Server Certificate:
openssl pkcs12 -in [yourfile.pfx] -clcerts -nokeys -out [certificate.crt]
Intermediate Certificate
openssl pkcs12 -in -cacerts -nokeys -chain -out
Decrypt Private Key file:
openssl rsa -in [keyfile-encrypted.key] -out [keyfile-decrypted.key]
Common Keytool Commands
Create JKS and CSR
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore Certificate.jks -dname "CN=Common-Name, O=Organization, L=City, ST=State, C=US" && keytool -certreq -alias server -file Certificate.csr -keystore Certificate.jks && echo Your certificate signing request is in Certificate.csr. Your keystore file is Certificate.jks. Thanks for using the DigiCert keytool CSR helper.
Import P7B to JKS
keytool -import -alias server -file your_site_name.p7b -keystore your_site_name.jks
Check what's in the JKS
keytool -keystore: keytool -list -v -keystore keystore.jks