SSL File Format Conversion Tool

- SSL File Formats

PEM Format:
The PEM format is encoded in ASCII Base64. PEM is the most common format among SSL certificates, and Certificate Authorities (CAs) typically provide certificates in this format. PEM files begin with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----". PEM certificates have extensions like .pem, .crt, .cer, and .key. This format is commonly used for Apache servers.
DER Format:
The DER format is the binary encoding of a certificate; a PEM file carries the same data encoded in Base64. DER certificates have extensions like .der and .cer. This format is commonly used for Java servers.
PKCS#7 or P7B Format:
The PKCS#7 or P7B format is encoded in ASCII Base64. These certificates begin with "-----BEGIN PKCS7-----" and end with "-----END PKCS7-----". A key feature of P7B files is that they contain certificate chains but do not include the private key. PKCS#7 or P7B certificates have extensions like .p7b and .p7c. This format is commonly used for Microsoft Windows and Java Tomcat servers.
PKCS#12 or PFX Format:
The PKCS#12 or PFX format is encoded in binary. This format stores the server certificate, intermediate certificates, and the private key in an encrypted file. PKCS#12 or PFX certificates have extensions like .pfx and .p12. This format is commonly used for Microsoft Windows servers.

- Common Format Conversion Commands Used in OpenSSL

Converting from PEM to DER:
openssl x509 -outform der -in certificate.pem -out certificate.der
Converting from PEM to PKCS#7/P7B:
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer
Converting from PEM to PKCS#12/PFX:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Converting from DER to PEM:
openssl x509 -inform der -in certificate.cer -out certificate.pem
Converting from PKCS#7/P7B to PEM:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
Converting from PKCS#7/P7B to PKCS#12/PFX:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer
Converting from PKCS#12/PFX to PEM (with -nodes, the private key is written to the output file unencrypted):
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
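
Because extensions such as .cer are shared between PEM and DER, the contents of a file are a more reliable guide than its name. The following Python sketch is an added example, not part of the original page or of OpenSSL: it classifies a file by its PEM header lines or leading ASN.1 bytes and reports whether a PEM bundle carries an unencrypted private key. The function names and the stub byte strings are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2
# Constructed stubs (not real certificates or keys): just enough ASN.1 to classify.
CERT_STUB = bytes.fromhex("3006300402020001")
PEM_STUB = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(CERT_STUB)
            + b"-----END CERTIFICATE-----\n")
KEY_STUB = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"

def der_body(data):
    """Content bytes of an outer ASN.1 SEQUENCE, or None if data is not one."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    if data[1] < 0x80:                    # short-form length
        return data[2:2 + data[1]]
    n = data[1] & 0x7F                    # long form: n length bytes follow
    if n == 0:                            # BER indefinite length
        return data[2:]
    return data[2 + n:2 + n + int.from_bytes(data[2:2 + n], "big")]

def classify_der(data):
    body = der_body(data)
    if body is None:
        return "unknown"
    if body.startswith(b"\x02\x01\x03"):          # PFX begins with version INTEGER 3
        return "PKCS#12/PFX"
    if body.startswith(PKCS7_SIGNED_DATA):        # ContentInfo of type signedData
        return "PKCS#7/P7B"
    if body[:1] == b"\x30":                       # tbsCertificate SEQUENCE
        return "X.509 certificate"
    return "unknown"

def classify(data):
    """Return (encoding, contents, has_plaintext_key) for a file's raw bytes."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return "DER/binary", [classify_der(data)], False
    contents, plain = [], False
    for label, body in blocks:
        if label in (b"CERTIFICATE", b"PKCS7"):   # PEM body is Base64 of the DER bytes
            contents.append(classify_der(base64.b64decode(body)))
        else:
            contents.append(label.decode())
        if label.endswith(b"PRIVATE KEY") and not (
                label.startswith(b"ENCRYPTED") or b"Proc-Type: 4,ENCRYPTED" in body):
            plain = True
    return "PEM", contents, plain
```

Call `classify(open(path, "rb").read())` on a file before deploying or sharing it; a third value of `True` means the bundle holds a private key with no password protection.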