functions/Convert-Cert.ps1

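function Convert-Cert {
<#
.SYNOPSIS
    Converts a certificate or its private key between PEM and DER/PFX/PVK by calling openssl.

.DESCRIPTION
    The base name is taken from -certName after stripping a trailing .key, .pem, .pfx or .cer.
    -format der:
        -public  '<name>.pem'                 -> '<name>.der' (or '<name>.cer', see below)
        -priv    '<name>.pem' + '<name>.key'  -> '<name>.pfx' and '<name>.pvk'
    -format pem:
        -public  '<name>.der' / '<name>.cer'  -> '<name>.pem'
        -priv    '<name>.pfx'                 -> '<name>.key' and '<name>.pem'
    When '<name>.der' does not exist but '<name>.cer' does, '.cer' is used as the DER extension.
    When both -public and -priv are given, -public wins.

.PARAMETER certName
    Certificate path, with or without one of the known extensions.

.PARAMETER pass
    Passphrase protecting the input key / PFX. Defaults to the empty string.

.PARAMETER newpass
    Passphrase for the exported PFX / PVK. Defaults to the value of -pass.

.PARAMETER public
    Convert the public certificate.

.PARAMETER priv
    Convert the private key material.

.PARAMETER format
    Target format: "der" (default) or "pem".

.NOTES
    Security: both passphrases are handed to openssl as 'pass:<value>' command-line
    arguments. Command lines are readable by other processes on the same host and
    may be written to logs, so treat any passphrase used here as exposed to local
    observers. openssl also accepts 'env:', 'file:' and 'stdin' passphrase sources.
#>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)][string] $certName,
        [Parameter(Mandatory=$false)][string] $pass = "",
        [Parameter(Mandatory=$false)] $newpass = $null,
        [switch][bool] $public,
        [switch][bool] $priv,
        [ValidateSet("der","pem")]
        $format = "der"
    )
    # Project helpers: 'req process' is presumably what provides 'invoke' - confirm.
    ipmo require
    req process

    $verbose = $VerbosePreference -eq "Continue"

    if (-not $public -and -not $priv) {
        write-warning "please choose one switch: -priv or -public"
        return
    }

    # Strip a known extension to get the base name. The suffix is removed by
    # length, not with -replace: ".key" as a regex is unanchored and its dot
    # matches any character, so "monkey.key" used to collapse to "mo".
    foreach ($ext in ".key", ".pem", ".pfx", ".cer") {
        if ($certName.EndsWith($ext)) {
            $certName = $certName.Substring(0, $certName.Length - $ext.Length)
        }
    }

    if ($null -eq $newpass) {
        write-verbose "new pass same as old one"
        # NOTE: with the default -pass "" this exports the PFX/PVK with an empty passphrase.
        $newpass = $pass
    }

    # Prefer '<name>.der'; fall back to '<name>.cer' only when the .der file is absent.
    $der = "der"
    if (!(test-path "$certName.$der") -and (test-path "$certName.cer")) { $der = "cer" }

    # NOTE(review): -verbose:$verbose is forwarded to 'invoke'; if that helper logs
    # the full command line, verbose runs will print the passphrases - confirm.
    if ($format -eq "der") {
        if ($public) {
            write-host "converting PUBLIC cert '$certName.pem' to '$certName.$der'"
            invoke openssl x509 -outform der "-in" "$certName.pem" "-out" "$certName.$der" -verbose:$verbose
        }
        elseif ($priv) {
            write-host "converting PRIVATE cert '$certName.pem' to '$certName.pfx', using private key from '$certName.key'"
            invoke openssl pkcs12 -nodes -export "-out" "$certName.pfx" -inkey "$certName.key" "-in" "$certName.pem" -password "pass:$newpass" -passin "pass:$pass" -verbose:$verbose
            write-host "converting PRIVATE cert '$certName.pem' to '$certName.pvk'"
            invoke openssl rsa "-in" "$certName.key" -outform PVK -pvk-strong "-out" "$certName.pvk" -passout "pass:$newpass" -passin "pass:$pass" -verbose:$verbose
        }
    }
    elseif ($format -eq "pem") {
        if ($public) {
            write-host "converting PUBLIC cert '$certName.$der' to '$certName.pem'"
            invoke openssl x509 "-inform" der "-in" "$certName.$der" "-out" "$certName.pem" -verbose:$verbose
        }
        elseif ($priv) {
            write-host "converting PRIVATE cert '$certName.pfx' to '$certName.key' and '$certname.pem'"
            # -nodes writes the private key to '<name>.key' UNENCRYPTED; restrict
            # access to that file (ACLs) or re-encrypt it after extraction.
            # NOTE(review): without -export, openssl documents -password as an
            # alias of -passin, so $newpass is likely redundant here - confirm.
            invoke openssl pkcs12 "-in" "$certname.pfx" "-out" "$certname.key" -nodes -password "pass:$newpass" -passin "pass:$pass" -verbose:$verbose
            invoke openssl pkcs12 "-in" "$certname.pfx" -nokeys "-out" "$certname.pem" -passin "pass:$pass" -verbose:$verbose
        }
    }
    else {
        # Defensive only: ValidateSet on -format already rejects other values.
        throw "unrecognized format '$format'. try 'pem' or 'der'"
    }
}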