Certificate files have the following formats:
Files with the .cer or .der extension.
Files with the .pem extension.
Files with the .pfx or .P12 extension.
When you append certificates to the ca-bundle.crt file, the HTTP server certificate files must use the PEM format. Use the OpenSSL utility to convert certificates from one format to another. You can get OpenSSL at http://www.openssl.org
For example, to convert the DER file named server.der to PEM format, use the following command:
openssl x509 -in server.der -inform DER -out server.pem -outform PEM
If you want to convert the PKCS12 file named server.pfx to PEM format, use the following command:
openssl pkcs12 -in server.pfx -out server.pem
To convert a private key named key.der from DER to PEM format, use the following command:
openssl rsa -in key.der -inform DER -outform PEM -out keyout.pem
For more information, refer to the OpenSSL documentation. After you convert certificate files to the PEM format, you can append them to the trust certificates file. Also, you can use PEM format private key files with the HTTP transformation or PowerExchange for Web Services.