Using An SSL Certificate Converter
One of the most common issues that occur when trying to install different SSL/TSL certificates is the format of the certificate. Not all servers will accept all types of formats, but that doesn't mean the certificate cannot be used with the server.
Instead, using an SSL certificate converter, it is very easy to change the format. This will allow the IT administrator to use the tool, which is available online to convert the existing format into the desired format.
The reason that different servers require different types of files for the secure sockets layer certificate is because of the specific types of encryption needs. When the server is setup, it is programmed with a specific encryption. To match the SSL certificate to the requirements of the server there are six different options.
The six different options or options in the files that have to match with that of the server. These include PEM, PFX, DER, P7B, PKCS#12 and PKCS#7. These different options or formats can be determined by checking the extension on the file.
It will be important to correctly determine the current status of the certificate before using the SSL certificate converter. Start by looking at the extensions on the certificate provided by the Certificate Authority (CA).
Most of the CAs will issue SSL certificate in the PEM format. This is a Base64 encoded certificate with an extension of .key, .cer, .pem or .crt. It is possible for the private key and certificates to be in the same file, but they are typically separate. This is the format used by Apache servers.
The DER format is the binary form of the PEM format. It will be identified by either the .der or a .cer extension. This is the most common file type that will be required with Java platforms. As both the PEM and the DER use the .cer extension, it will be necessary to open the file. Look for the statement BEGIN CERTIFICATE and END CERTIFICATE to indicate it is a PEM and not a DER format.
It is possible to change a current SSL certificate to a DER format or to change any other format to DER based on your needs. It will be necessary to also use the OpenSSL commands to change the private key to work with this option.
The PFX or the PKCS#12 format is also a binary format. Unlike the DER format the private key as well as the intermediate(s) certificate(s) IAs and the server certificate are all found in one file. When using the SSL certificate converter tool with this format, it is typically a simple process, but there are a few additional steps depending on the converted format. This is most commonly used with Windows and will have extensions of .pfx or .p12.
To convert from a PFX format to a PEM format, it will be necessary to save the single file in three different files. These files will separate out the private key, the intermediate certificates and the CA certificate.
The P7B and the PKCS#7 formats are typically used on Microsoft Windows and Tomcat servers. They will usually, although not always, be found in Base64 format. They will have the extensions of .p7c or .p7b. This format will only have the certificates and will not contain the private key. The private key will be found in a separate file.
While there are several different sites offering an SSL certificate converter tool, we also offer our own support option. We provide a file converter in a zip that can be easily downloaded and used as needed. This will allow you to use the certificate on a Windows server and then an Apache server. This is easy to access through the resources we provided in our knowledgebase area of the site.
Sometimes, when changing hosting companies or when there are multiple servers involved that will all use the same SSL certificate, the file can be converted into a .pfx file and used on Windows server for IIS as well as Exchange websites. When the certificate is already installed on the Apache server, we provide detailed instructions including how to use the OpenSSL option if you do not want to use our SSL converter tool.
For questions about the format of our SSL certificates, give us a call at +1 888 266 6361 or talk to our live chat support. You will also be able to verify all information about the certificate when you buy any of our Comodo SSL/TSL certificates.