Convert a certificate
This tool works only with the certificate itself, which is public information — it never asks for or handles a private key.
PEM output
DER output
DER is binary, so it can't be shown as text here — download the file directly.
Paste or upload a TLS certificate and choose the output format you need. PEM is the Base64 text format used by Apache, nginx, and most Linux tooling; DER is the raw binary encoding often required by Windows and Java-based systems.
Runs entirely in your browser — nothing you paste or upload is sent anywhereThis tool works only with the certificate itself, which is public information — it never asks for or handles a private key.
DER is binary, so it can't be shown as text here — download the file directly.
The summary below is read from the certificate you provided, so you can confirm it's the right one before you rely on the converted file.
PEM wraps the certificate's binary data in Base64 text between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines, so it's easy to open, email, or paste. DER is that same data in its raw binary form — smaller, but not readable as text.
You might receive a certificate as PEM but need DER for a Windows certificate store or a Java keystore import, or the reverse when moving a certificate onto a Linux web server.
Certificates are public by design, so converting one is always safe to do in a browser tool. The PKI Toolkit has no field anywhere for pasting a private key — if a tool ever asks you for one, that's a sign to stop and reconsider.