SSL certificates come in a variety of formats.  SpamTitan uses the .pem format.  When purchasing an SSL certificate it is possible you will receive a certificate in a different format and will need to convert it to .pem.

Converting your certificate:

You can convert certificates using the open source openssl software (http://www.openssl.org/related/binaries.html) or an online conversion tool (https://www.sslshopper.com/ssl-converter.html - Please note we do not endorse this site and are just using it as an example)

Some certificates can only be converted to specific formats, so you may have to convert twice e.g. Convert from .crt to .der and then from .der to .pem

Here are some commonly used OpenSSL commands (you may need to specify the path to the file e.g c:\certs\mysert.crt):

  • Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

  • Convert CRT to DER
openssl x509 -in mycert.crt -out mycert.der -outform DER


  • Convert DER to PEM
openssl x509 -in mycert.der -inform DER -out mycert.pem -outform PEM