PKI Toolkit
Certificate Format Converter

Convert a certificate between PEM and DER

Paste or upload a TLS certificate and choose the output format you need. PEM is the Base64 text format used by Apache, nginx, and most Linux tooling; DER is the raw binary encoding often required by Windows and Java-based systems.

Runs entirely in your browser — nothing you paste or upload is sent anywhere

Convert a certificate

This tool works only with the certificate itself, which is public information — it never asks for or handles a private key.

Paste PEM text, or upload a PEM (.pem/.crt/.cer) or binary DER (.der/.cer) file below.
Paste or upload a certificate, choose an output format, and press Convert.

What you're converting

The summary below is read from the certificate you provided, so you can confirm it's the right one before you rely on the converted file.

Subject
Issuer
Serial number
Valid from
Plain English

PEM vs. DER, in short

PEM wraps the certificate's binary data in Base64 text between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines, so it's easy to open, email, or paste. DER is that same data in its raw binary form — smaller, but not readable as text.
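The wrapping described above, shown as an added JavaScript example (not the PKI Toolkit's own code): it converts in both directions and checks that the decoded bytes form exactly one complete DER SEQUENCE. All function names are hypothetical, the private-key refusal is an assumption modelled on the page's stated policy, and the sample is constructed filler rather than a real certificate.

```javascript
// Added example: PEM <-> DER for a single X.509 certificate (browser or Node 16+).
const PEM_RE = /-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]+?)-----END CERTIFICATE-----/g;

// Total size claimed by the outer DER element; a certificate is one SEQUENCE (tag 0x30).
function derTotalLength(der) {
  if (der.length < 2 || der[0] !== 0x30) throw new Error("not a DER SEQUENCE");
  let len = der[1], offset = 2;
  if (len & 0x80) {                        // long form: low 7 bits = count of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || der.length < 2 + n) throw new Error("bad DER length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + der[2 + i];
    offset += n;
  }
  return offset + len;
}

function assertWholeDer(der) {
  if (derTotalLength(der) !== der.length) throw new Error("truncated or trailing data");
}

function pemToDer(pem) {
  // Assumption of this example: refuse input that carries a key, mirroring the page's policy.
  if (/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(pem)) throw new Error("private key present");
  const blocks = [...pem.matchAll(PEM_RE)];
  if (blocks.length !== 1) throw new Error(`expected 1 certificate, found ${blocks.length}`);
  const bin = atob(blocks[0][1].replace(/\s+/g, ""));   // strip line breaks, decode Base64
  const der = Uint8Array.from(bin, (c) => c.charCodeAt(0));
  assertWholeDer(der);
  return der;
}

function derToPem(der) {
  assertWholeDer(der);
  const b64 = btoa(String.fromCharCode(...der));
  const body = b64.match(/.{1,64}/g).join("\n");        // 64-character lines
  return `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
}

// Constructed sample: a well-formed outer SEQUENCE with filler content, NOT a real certificate.
const SAMPLE_DER = Uint8Array.from([0x30, 0x82, 0x01, 0x00, ...new Array(256).fill(0)]);
const SAMPLE_PEM = derToPem(SAMPLE_DER);
```

The length check catches a paste that lost its last lines or a file with extra bytes appended, both of which would otherwise convert without complaint and fail later at import time.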

When you'll need this

Typical reasons to convert

You might receive a certificate as PEM but need DER for a Windows certificate store or a Java keystore import, or the reverse when moving a certificate onto a Linux web server.

What this tool does not do

No private keys, ever

Certificates are public by design, so converting one is always safe to do in a browser tool. The PKI Toolkit has no field anywhere for pasting a private key — if a tool ever asks you for one, that's a sign to stop and reconsider.