Easy certificate format conversion on SSLmarket

24 Feb 2021 | Jindřich Zechmeister

We have expanded certificate management tools with a certificate format converter. With its help, you can easily convert the certificate from the text form in which you receive it from us to binary and vice versa. We talk about how to use it in this article and we hope that you will appreciate this new tool.

You can find certificates in two formats

Certificates are used in only two formats - text and binary. The text format, as the name suggests, is text and is encoded using the Base64 certificate standard (public key, data, etc.). The file can have any extension, but what matters is its content, which you can view in any text editor (for example, in Notepad). You can easily read the certificate’s content in our certificate and CSR decoder.

The binary format cannot be opened in a text editor and you need a compatible application for it. However, to avoid problems, you can use text format only. There is probably no situation where you have to use a certificate in binary format.

You will receive newly issued certificates from us in the text format (Base64), which is the most widespread and you can always use it. If your certificate is intended for a Windows server and you want to perform the import in one step without creating a CSR, you can create a desired PFX file in the order detail. However, the condition is to have a private key, because even when generating a CSR, we do not store the private key with us (for security reasons); it is offered for download onto your computer.

The use of both formats

The text format of certificates can usually be found on Unix servers and on popular Apache and nginx web servers. The text format is used practically everywhere and, as already mentioned, the file extension does not matter at all. The most common case of using a binary certificate format is the PKCS # 12 standard, known by the PFX extension. It is used to export (transfer, backup) certificates together with the private key on the Windows platform. However, even in this case, you can proceed by creating a CSR on the server and importing the certificate in text format.

The use of the conversion tool

Our tool offers several options for conversion between text (Base64) and binary format. Let's look at the individual options and situations in which you can use them.

Conversion between PEM and PFX

You need this conversion when you move a certificate from a Linux (or other Unix) server to a Windows server. You can easily import the certificate together with the private key in PFX. In the conversion tool you see three input fields - in the first two, enter the certificate and private key in text form (open the files you have on the server) and in the third field enter your password to protect the newly created PFX file.

The reverse procedure is simpler - select the PFX file and enter its password on your computer only; the result of the conversion will be an archive with individual certificates that were in the PFX file (this way, you will get the contents of this "container").

Conversion between PEM and DER

The need for conversion between PEM and DER format is less common, but may also be useful. From one certificate in text PEM format, you get the equivalent in binary DER (and vice versa). You can use the certificate’s binary format in the Windows server environment or for application servers using the Java keystore (but the best option for Java keystore is to import all keys at once in PFX).