A DER-encoded certificate can be transformed into an ASCII (Base64) encoded certificate using OpenSSL. A DER-encoded certificate cannot be read as plain text (unlike a PEM-encoded certificate). DER-encoded certificates typically have the file extensions.DER,.CRT, or.CER.

In the event that a PEM-encoded certificate also has the.CRT or.CER file extension, you can simply copy the file to a new name using the.PEM extension:

$ cp hostname.cer and hostname.pem

Use OpenSSL to convert a DER-encoded certificate to PEM:

X.509 is a standard format for public key certificates, digital documents that securely associate cryptographic key pairs with identities such as websites, individuals, or organizations. However, this can also be converted to .pem files using OpenSSL.

Windows servers use .pfx files which contain the public key file (SSL certificate file) and the private key file. However, this can also be converted to .pem files to  be used on Linux server using OpenSSL.

When installing a SSL certificate with a private key that is encrypted with a passphrase, you must decrypt the private key first. You can identify whether a private key is encrypted or not by opening the private key (.key or .pem file) using a text editor or command line. You should see the text ENCRYPTED if the private key is encrypted.