What is OpenSSL?

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.

OpenSSL does not distribute code in binary form. However, you can download it from other websites. Visit wiki.openssl.org, select and download OpenSSL for your platform. For example, click on the https://slproweb.com/products/Win32OpenSSL.html link to download the installer for Windows. You can download the light or full version, as shown below.

Download OpenSSL Installer

Click on the installer and finish the installation wizard. After installation, go to C:\OpenSSL-Win32\bin and double click on openssl.exe to start working with OpenSSL. This will open a command prompt on Windows, as shown below.

OpenSSL Console

OpenSSL Commands to Convert Certificate Formats

If you have got certificate files from the CA which are not supported on your web server, then you can convert your certificate files into the format your web server or hosting provider requires using OpenSSL commands.

To know about all the commands, apply the help command.

Openssl> help

To get help on a particular command, use -help after a command.

Openssl> pkcs12 -help

The following are main commands to convert certificate file formats.

Convert PEM to DER Format

openssl> x509 -outform der -in certificate.pem -out certificate.der

Convert PEM to P7B Format

openssl> crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer

Convert PEM to PFX Format

openssl> pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Convert DER to PEM Format

openssl> x509 -inform der -in certificate.cer -out certificate.pem

Convert P7B to PEM Format

openssl> pkcs7 -print_certs -in certificate.p7b -out certificate.cer

Convert P7B to PFX Format

openssl> pkcs7 -print_certs -in certificate.p7b -out certificate.cer openssl> pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.pfx -certfile CACert.cer

Convert PFX to PEM Format

openssl> pkcs12 -in certificate.pfx -out certificate.cer -nodes