Unable to convert .CER file to .PEM

Question

I downloaded the files from a ssl purchase and got from it the following files:

• ServerCertificate.cer
• CACertificate-ROOT-2.cer
• CACertificate-INTERMEDIATE-1.cer
• PKCS7.p7b

A client requires 2 crt.pem files. One of which needs to come from the ServerCertificate.cer and another from a so called PFC file that should of been provided. Which is aparently a combination of the certificate and the key.

I have tried using: openssl x509 -inform der -in certificate.cer -out certificate.pem to convert the first file however I get a "Unable to load certificate" error.

What am I doing wrong?

PS Please dont link me to https://www.sslshopper.com/ssl-converter.html, as this isn't working either.

Answer 1

If by PFC you actually mean PFX, then you can convert p7b to pfx (PKCS#7 to PKCS#12) using openssl.

ServerCertificate.cer is most likely PEM. Follow Steffen's comment:

Extensions do not matter. It is likely that your *.cer files are already in PEM format and you just have to rename these if you want a file name of *.pem but not convert. Look at the contents with some editor: if it is binary it is likely DER encoded, if it starts with something like -----BEGIN CERTIFICATE----- it is PEM encoded.

If it is not PEM, then it is binary and openssl can convert it to PEM.

Normally you need two files: the private key (ServerCertificate.key) and the certificate (ServerCertificate.cer). Sometime you also need the root and intermediate certificates depending on who issued your certificate (you don't say).

None of the file that you listed is the private key. This was created as the first step to create the CSR (certificate signing request) that you sent to the ssl vendor. PFX has the option to include the private key in its file format.

If you created the CSR on Windows (IIS) then you don't send anything to the customer, you complete the CSR on the computer that created the CSR. Then you can export the certificate package.