# Certificate Formats
Most Certificate Authorities (CAs) issue certificates in PEM format.
PEM certificates typically have extensions like `.pem`, `.crt`, `.cer`, and .`key`.
The PEM format uses the header and footer lines `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----`.
Other certificate formats include the `DER/Binary`, `P7B/PKCS#7`, and `PFX/PKCS#12` formats.
Converting Your Existing Certificate To PEM Format
If your certificate is not in PEM format, you can convert it to the PEM format using the following OpenSSL commands:
### Convert DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem
### Convert P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem
### Convert PFX to PEM
openssl pkcs12 -in certificate.pfx -out certificate.pem -nodes
### Removing Passphrase From Existing Private Key File
If you try to upload a passphrase-protected private key file, you will get a "key is invalid" error message. To fix this you will need to remove the passphrase from your private key file and upload the passphrase-free private key file to your appliance. You can remove the passphrase as follows:
1. Run `openssl rsa -in example.key -out example.nocrypt.key`
1. Enter your passphrase.