When working with digital certificates in Windows environments, you'll frequently encounter both DER and Base64 encoded files with .cer extensions. The key difference:
- DER: Binary format certificate (ASN.1 DER encoded)
- Base64: ASCII text format (PEM-like but with .cer extension)
Here are three reliable approaches to convert your certificates:
Using OpenSSL (Command Line)
The most universal method:
openssl x509 -inform der -in certificate.cer -outform pem -out certificate_base64.cerWindows Certificate Manager
- Double-click the .cer file
- Go to "Details" tab
- Click "Copy to File"
- Choose "Base-64 encoded X.509 (.CER)" format
PowerShell Conversion
For batch processing:
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new("C:\path\to\cert.cer")
[System.Convert]::ToBase64String($cert.RawData) | Out-File "C:\path\to\output.cer"After conversion, check your file:
----- BEGIN CERTIFICATE -----
[Base64 content]
----- END CERTIFICATE -----Or use OpenSSL to verify:
openssl x509 -in converted.cer -text -noout- Web server configurations requiring Base64 format
- Cross-platform certificate sharing
- Embedding certificates in configuration files
For bulk conversions, consider this Bash script:
#!/bin/bash
for file in *.cer; do
openssl x509 -inform der -in "$file" -outform pem -out "${file%.*}_converted.cer"
doneWhen working with digital certificates, you'll commonly encounter two encoding formats:
- DER (Distinguished Encoding Rules): Binary format commonly used in Windows systems
- PEM/Base64: ASCII-armored format with BEGIN/END headers, widely used in Unix/Linux systems and web servers
Base64-encoded certificates are often required for:
- Apache/nginx web server configurations
- Cross-platform certificate sharing
- Embedding certificates in configuration files
- Certain programming language requirements (like Node.js)
Using OpenSSL (Command Line)
The most reliable method is using OpenSSL:
openssl x509 -inform der -in certificate.cer -out certificate_base64.cer -outform pem
Using Python
For programmatic conversion:
import base64
with open('certificate.cer', 'rb') as der_file:
der_data = der_file.read()
pem_data = b"-----BEGIN CERTIFICATE-----\n"
pem_data += base64.b64encode(der_data)
pem_data += b"\n-----END CERTIFICATE-----\n"
with open('certificate_base64.cer', 'wb') as pem_file:
pem_file.write(pem_data)
Using Windows CertMgr
For Windows users:
- Double-click the .cer file
- Go to Details tab
- Click "Copy to File"
- Choose "Base-64 encoded X.509 (.CER)"
After conversion, check the file contents:
cat certificate_base64.cer
You should see the Base64 content between BEGIN/END CERTIFICATE headers.
- Ensure the original DER file is valid before conversion
- Some systems may require the .pem extension even for Base64 content
- Watch for line endings (CRLF vs LF) when transferring between systems
For converting multiple certificates:
for cert in *.cer; do
openssl x509 -inform der -in "$cert" -out "${cert%.*}_base64.cer" -outform pem
done
Here's how to use the converted certificate in different scenarios:
Node.js HTTPS Server
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('certificate_base64.cer')
};
https.createServer(options, (req, res) => {
res.end('Hello secure world!');
}).listen(443);
Nginx Configuration
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /path/to/certificate_base64.cer;
ssl_certificate_key /path/to/server.key;
# ... other configuration
}