Free SSL Certificate Converter — PEM to Base64 and Back Online
Convert SSL/TLS certificates between PEM and Base64 (raw) format instantly.
Select the conversion direction, paste your data, and get the result. Everything
runs client-side in your browser — no upload, no account needed, fully private.
via CrtMgr — client-side converter
Two Conversion Modes
PEM → Base64
Extract the raw Base64 body from a PEM-encapsulated certificate. Strips the-----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- headers and any
whitespace, leaving you with a single continuous Base64 string. This is the
format required by many automation tools, API integrations, and configuration
management systems that expect the DER content without PEM wrapping.
For example, converting a certificate for crtmgr.com from PEM to Base64 gives
you the exact DER bytes encoded as a single line of text — ready to paste into
a Kubernetes Secret, a Terraform variable, or an environment variable in a CI
pipeline.
Base64 → PEM
Wrap a raw Base64 certificate body back into standard PEM format with proper-----BEGIN CERTIFICATE----- / -----END CERTIFICATE----- headers and
64-character line folding. The tool auto-detects whether the input is a
certificate or a CSR, so the BEGIN/END markers are always correct. If the input
is ambiguous, it defaults to CERTIFICATE.
This is useful when you’ve received a certificate body from an API, a database,
or a configuration file that stored only the Base64 payload, and you need to
write it to a .crt or .pem file that web servers (Apache, Nginx, HAProxy,
Caddy) and load balancers expect.
When Certificate Format Conversion Matters
Working with SSL/TLS certificates across different platforms often requires
switching between PEM and raw Base64:
- Web servers (Nginx, Apache) expect PEM files with headers and 64-char
line breaks forssl_certificatedirectives. - Cloud platforms (AWS Certificate Manager, Azure Key Vault) may require
the raw body when importing via API or CLI. - Kubernetes TLS Secrets store certificates as Base64-encoded data without
PEM headers — the converter produces exactly that format. - Configuration management tools (Ansible, Terraform, Puppet) sometimes
expect the certificate body as a single-line value in HCL or YAML. - Database storage — if you store certificates in a database column, the
compact Base64 format is often preferred over multi-line PEM.
Supported Certificate Types
The converter works with X.509 certificates, Certificate Signing Requests, and
any other PEM-encapsulated data with standard BEGIN/END markers. It validates
that the Base64 content is syntactically correct before producing output.
Privacy
Conversion is performed entirely in your browser using client-side JavaScript.
No data is ever sent to a server. Production certificates, private PKI material,
and internal CSRs remain completely local.
Rate Limits
There are no limits on conversions. The tool does not call any API — the Base64
encoding and decoding runs directly in your browser.
Related Tools
- SSL Certificate Decoder — after converting a certificate
to PEM or Base64, decode it to inspect every field: subject, issuer, SANs,
public key, extensions, and fingerprint. - CSR Decoder — parse a Certificate Signing Request to verify
its contents before conversion or submission to a Certificate Authority.