SSL Converter
Convert PEM certificates and keys to PKCS#12 or PKCS#7, or extract PEM from a PKCS#12 file locally.
About the SSL Converter
The SSL Converter transforms certificate material between common formats without uploading secrets to a server. Convert PEM private keys and certificate chains into a password protected PKCS#12 (.p12) bundle, extract PEM from an existing PKCS#12 file, or build a PKCS#7 certificate chain for legacy systems.
PKCS#12 is the interchange format Windows and many load balancers expect: one file containing the leaf certificate, intermediates, and private key. PKCS#7 bundles multiple PEM certificates into a single signed container without a private key.
All conversion runs in your browser with node-forge. Paste PEM blocks or upload a .p12 file. Passwords stay on your machine. For format verification after conversion, use SSL Decoder or Key Matcher.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
What is PKCS#12?
PKCS#12 (also called PFX) is a binary archive that can hold a private key and one or more certificates, encrypted with a password. Many servers and Windows tools import .p12 files directly.
Is my private key uploaded?
No. Conversion happens entirely in your browser. Keys and certificates never leave your device.
Why do I need the issuer certificate for OCSP elsewhere?
This tool does not perform OCSP checks. For live revocation status, use the OCSP Checker with leaf and issuer PEM blocks.
What is PKCS#7 used for?
PKCS#7 bundles certificates without a private key. Some older Java, IIS, and email signing workflows accept PKCS#7 instead of separate PEM files.
The PKCS#12 extract failed. What should I check?
Confirm the password matches the file and that you uploaded a valid .p12 or base64 PKCS#12 payload. Corrupted exports from other tools may need to be re-exported with OpenSSL.