How to convert between different security certificate formats

There are many variants of these questions, asking how to convert TLS (technically X.509) certificates between various formats. To be stored in a file, a certificate must be encoded. Some common common encodings are: • DER (Distinguished Encoding Rules), a binary encoding; • PKCS#7 or CMS (Cryptographic Message Syntax), another binary encoding; • PEM (Privacy-Enhanced Mail), an ASCII-armouring of binary data to protect it against accidental corruption by systems such as email that only handle text. A useful convention is for the filename to use an extension that indicates the encoding of the data in it, such as "cert.der" to indicate that the contained certificate is DER-encoded. However it is more common for PEM-encoded certificates to be given a file extension of .crt or .cer. Since PEM can encode other data, such as private keys, it is not uncommon for files to contain multiple PEM-encoded objects. In contrast, a .der file should only contain a single DER-encoded certificate. The PKCS#7/CMS format is very flexible and can contain arbitrary encrypted and/or signed data, but .p7b files contain only certificates, and sometimes certificate revocation lists, in PKCS#7. PKCS#12 or PFX is another format that can contain multiple objects, such as a server private key and the corresponding certificate. Such files have the extension .pfx by convention.