Step 1 — Paste Your Certificate Files
Paste your PEM certificate below. Add your CA bundle and private key if you need PKCS#7 or PKCS#12 output.
Step 2 — Choose Output Format
DER and PKCS#7 only require the certificate. PKCS#12 additionally requires your private key.
PEM → DER
Binary-encoded certificate. Used by Java keystores, Android, and some Windows tools. Extension: .crt or .der.
PEM → PKCS#7
Certificate bundle including optional CA chain. Does not contain the private key. Used by Windows Server and Tomcat. Extension: .p7b.
PEM → PKCS#12
Encrypted bundle with cert, private key, and optional CA chain. Used by IIS, Azure, AWS, and .NET. Extension: .pfx or .p12.
Format Reference
- PEM
- Base64-encoded, the most common format. Starts with
-----BEGIN CERTIFICATE-----. Used by Apache, Nginx, and most Unix-based servers. - DER (.crt / .der)
- Binary version of PEM. Used by Java applications and some Windows environments. Cannot be opened as a text file.
- PKCS#7 (.p7b)
- Can contain a certificate and the full CA chain but not the private key. Used by Windows Server and Java Tomcat. Also known as CMS format.
- PKCS#12 (.pfx / .p12)
- Contains the certificate, private key, and CA chain in a single encrypted file. Used by IIS, Azure, AWS Certificate Manager, and .NET applications. Can be password-protected.
Need a Free SSL Certificate?
Generate a trusted SSL certificate powered by Let's Encrypt - completely free.