How do I convert PEM to PFX?

Select 'Standard PEM' as the source and 'PKCS#12 (PFX/P12)' as the target. Paste your certificate and private key, provide a password, and click 'Convert Certificate'.

What is the difference between PEM and PFX?

PEM is a text-based format often used on Linux/Apache, while PFX is a binary format used on Windows/IIS that can bundle certificates and private keys.

Is my private key safe during conversion?

Yes, our converter processes your data in real-time and never stores your private keys or certificates on our servers.

🔄 SSL Certificate Converter

SSL Converter — Free SSL Certificate Converter Tool

Convert SSL certificates between standard formats: PEM and PFX/PKCS#12. Essential for migrating certificates between IIS (Windows) and Apache/Nginx (Linux) servers.

Convert SSL Certificate

Convert From

Convert To

Input Method

✍️ Paste Text 📂 Upload File

Certificate Content

ℹ️ For PEM to PFX conversion, you must provide the Certificate and Private Key. Intermediate certificates are optional.

Certificate (Required) *

Private Key (Required) *

Intermediate CA 1 (Optional) Chain Certificate

Intermediate CA 2 (Optional) Chain Certificate

Intermediate CA 3 (Optional) Chain Certificate

Supported Certificate Formats

📄 PEM (Privacy Enhanced Mail)

File Extensions: .pem, .crt, .cer, .key

Encoding: Base64 ASCII

Common Use: Apache, Nginx, most Linux servers

Format: Text file with BEGIN/END markers

-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKL0UG...
-----END CERTIFICATE-----

🔐 PFX/PKCS#12 (Public Key Cryptography Standards #12)

File Extensions: .pfx, .p12

Encoding: Binary

Common Use: Windows IIS, Microsoft servers

Features: Can contain certificate, private key, and entire chain in one file. Usually password-protected.

🔒 DER (Distinguished Encoding Rules)

File Extensions: .der, .cer

Encoding: Binary

Common Use: Java platforms

Features: Binary format of PEM certificate

📦 P7B/PKCS#7

File Extensions: .p7b, .p7c

Encoding: Base64 ASCII

Common Use: Windows, Java Tomcat

Features: Can contain certificate and chain, but NOT the private key

Common Conversion Scenarios

🔄 PEM to PFX (Apache/Nginx to IIS)

Use Case: Migrating from Linux Apache/Nginx server to Windows IIS

Requirements: Certificate file, private key file, optional intermediate certificates

Result: Single .pfx file with password protection

🔄 PFX to PEM (IIS to Apache/Nginx)

Use Case: Migrating from Windows IIS to Linux Apache/Nginx

Requirements: PFX file and password

Result: Separate certificate and private key files

🔄 DER to PEM (Java to Apache)

Use Case: Converting Java certificates to Apache format

Requirements: DER certificate file

Result: PEM formatted certificate

🔄 PEM to DER (Apache to Java)

Use Case: Converting Apache certificates to Java format

Requirements: PEM certificate file

Result: DER binary certificate

How to Convert SSL Certificates

Select Source Format: Choose the format you're converting FROM
Select Target Format: Choose the format you're converting TO
Choose Input Method: Either paste the certificate text or upload a file
Add Password (if needed): For PFX files, enter the password
Click Convert: Click the "Convert Certificate" button
Download Result: Download your converted certificate

⚠️ Security Note: Your certificates and private keys are processed in real-time and are NOT stored on our servers. For maximum security, consider using OpenSSL command-line tools for production environments.

OpenSSL Command-Line Alternatives

For advanced users, here are OpenSSL commands for common conversions:

PEM to PFX

openssl pkcs12 -export -out certificate.pfx -inkey privatekey.key -in certificate.crt -certfile ca-bundle.crt

PFX to PEM

openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes

DER to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Frequently Asked Questions

What's the difference between PEM and PFX?

PEM is a text-based format commonly used on Linux/Apache servers, while PFX is a binary format used on Windows/IIS servers. PFX can contain the certificate, private key, and chain in one password-protected file.

Can I convert a certificate without the private key?

You can convert the certificate itself between formats (PEM ↔ DER ↔ P7B), but to create a PFX file, you need both the certificate AND the private key.

Why do I need to convert SSL certificates?

Different servers and applications require different certificate formats. For example, Apache uses PEM, IIS uses PFX, and Java uses DER or JKS.

Is it safe to upload my private key?

While our tool processes everything in real-time without storage, we recommend using command-line tools (OpenSSL) for production certificates with private keys for maximum security.