Your server may not support the current format, or the file may not be compatible with the system you’re running, both of which might need a conversion.
Still, if you wish to convert CRT to PEM for any reason, OpenSSL makes it simple. You can quickly and precisely edit the file format with only a few short OpenSSL statements.
Get the ball rolling!
What Is CRT?
Files titled X.509 digital certificates (CRT or CER) verify an organization’s identity and safeguard private information.
Code signing certificates, SSL/TLS, personal authentication certificates, S/MIME certificates, etc., are a few examples of the numerous digitally signed and/or encoded data available today.
Certificates and keys generated using x.509 certificates may be exported to a wide range of formats, such as:
- Privacy-enhanced electronic mail (.PEM)
- Distinguished encoding rules (.DER)
Difference Between PEM And DER
PEM is the format used for text-based certificates. The ‘openssl’ command on Linux or Windows may be used to examine the contents of a PEM certificate (cert.crt) in the following manner:
openssl x509 -in cert.crt -text
Meanwhile, the certificate may be DER if the file contains binary data. To test the format, just open the ‘openssl’ commands:
openssl x509 -in cert.crt -inform DER -text
Convert CRT To PEM On Windows
You may use the OpenSSL for Windows program to alter the binary CRT.
The OpenSSL binaries may be obtained through download (openssl-0.9.8h-1-bin.zip), after which they should be extracted to a folder (C:OpenSSL). Place the.crt file you just copied in the same folder. Launch a command prompt as an admin and then get to:
cd C:\OpenSSL\bin
Execute the below command for converting a binary CRT to PEM:
Openssl.exe x509 -inform DER -outform PEM -in my_certificate.crt -out my_certificate.crt.pem
Rename the certificate files to something more personal. To change a DER (.crt,.cer, or.der) to PEM, use this command.
A new file named my certificate.crt.pem can exist in the exact location once the program is run. Ensure to verify if it is Base64 encoded before opening. Anywhere you’d want, including the web server, may now benefit from this certificate.
If you’re getting the “Unable to load config data from /usr/local/ssl/openssl.cnf” message when you try to use the openssl.exe program, create a Windows variable employing the below command:
Set OPENSSL_CONF=C:\openssl\share\openssl.cnf
Then, reopen the Command Prompt and see whether you can run the command and modify the file extension of your certificate from CRT to PEM.
Using the in-built Certificate Export Tool in Windows Server 2016/Windows 10, you may export certificates in CER to DER (PEM).
- Start up File Explorer to locate your.cer, and then double-click it to begin the installation process.
- Seek and select the “Copy to File” button on the Details tab of the certificate properties window.
- Choose the export file by pressing Next on the first step of the Certificate Export Wizard. Click the button next to “BASE-64 encoded X.509 (.CER)”.
- Rename the file.
- Tab the Finish option.
- You may now convert your certificate files from the.cer format to the more secure.pem. This PowerShell command may be of service to you:
rename-item C:\PS\new_cert.cer c:\ps\new_cert.pem
- Validate the file is in Base64:
cat c:\ps\new_cert.pem
Convert CRT To PEM On Linux
Let’s look at changing the certificate from DER/CRT to PEM on Linux. Launching the OpenSSL package setup is the first step.
The steps to installing OpenSSL on CentOS, RedHat, and Fedora are:
yum install openssl
The APT package manager makes it viable to install source code on Debian and Ubuntu:
apt-get install openssl
Simply enter the following command into OpenSSL to transform the CER into PEM:
openssl x509 -inform der -in /home/tstcert.cer -out /home/tstcert.pem
Openssl ToolKit To Make It Easy
If you’re uneasy with OpenSSL’s command line, consider the OpenSSL ToolKit script, which can automate the required tasks by wrapping OpenSSL CLI. This tool processes CRT and keys locally without transferring them.
Final Thoughts
Reasons abound for why you would wish to change a certificate to PEM. Possible causes include the incompatibility of the current format with the program you’re using or that your server doesn’t support it.
Following the instructions in this article, you may use OpenSSL to quickly and efficiently convert CRT to PEM. The OpenSSL above instructions will facilitate the expedited conversion.We hope that this article can help you out. Share the TrustguideTeam’s post with others if needed.
Leave a Reply