Certificates are available in different encoding formats. You might need to convert a certificate from one format to another. For example, your Firebox requires PEM encoded certificates. If your certificate authority provides only DER encoded certificates, you must convert the certificate format to PEM.
To distribute a certificate to users on your network, you must convert the Firebox PEM encoded certificate to DER if your distribution method requires DER encoded certificates.
To import a Firebox certificate on an iOS or Android device, you might need to convert the PEM encoded certificate to DER.
Certificate Encoding Formats
This topic explains how to convert certificates with these two encoding formats:
PEM
ASCII Base64 encoding format. PEM certificates can have a file extension of .pem, .crt, or .cer.
DER
Binary version of the ASCII PEM encoding format. DER certificates can have a file extension of .der, .crt, or .cer.
Convert a DER Certificate to PEM
You can use OpenSSL to convert certificates and certificate signing requests from the DER format to PEM. For installation instructions, see www.openssl.org.
To convert a certificate format from DER to PEM with OpenSSL:
- Copy the DER format certificate file to the folder that contains your OpenSSL application, or another working directory where you can execute the OpenSSL application. On a Windows system, this directory is \openSSL\bin or \openSSL-Win64.
- Open a command line interface.
Make sure you run the command prompt as an administrator. In Windows, right-click the command prompt shortcut and select "Run as Administrator". - Navigate to the folder where you copied the DER format certificate file. For our example, the certificate name is selfsignedCA.der.
- Type openssl x509 -inform der -in selfsignedCA.der -out selfsignedCA.pem
You can also convert a DER encoded certificate to PEM with an SSL certificate conversion tool such as SSL Converter.
For security reasons, do not upload your private key to a conversion tool hosted on a third-party website.
Convert a PEM Certificate to DER
When you export a certificate from a Firebox, the certificate is saved in the PEM format. For some certificate distribution methods, the preferred certificate format for import is the DER format.
You can use OpenSSL to convert certificates and certificate signing requests from PEM to DER format. For installation instructions, go to www.openssl.org.
To convert a certificate format from PEM to DER with OpenSSL:
- Copy the PEM format certificate file to the folder that contains your OpenSSL application, or another working directory where you can execute the OpenSSL application. On a Windows system, this directory is \openSSL\bin or \openSSL-Win64.
- Open a command line interface.
Make sure you run the command prompt as an administrator. In Windows, right-click the command prompt shortcut and select "Run as Administrator". - Navigate to the folder where you copied the PEM format certificate file. For our example, the certificate name is selfsignedCA.pem.
- Type openssl x509 -outform der -in selfsignedCA.pem -out selfsignedCA.der
You can convert the PEM encoded certificate to DER with an SSL certificate conversion tool such as SSL Converter.
For security reasons, do not upload your private key to a conversion tool hosted on a third-party website.
Manage Device Certificates (WSM)