I’m trying to use certificates issued by Microsoft Active Directory Certificate Services (AD CS) to connect to an 802.1x-protected network. NetworkManager expects certificates in PEM format, but AD CS issues them in PKCS#7 format (with a .p7b extension). You can use OpenSSL to convert the certificates:
openssl pkcs7 -print_certs -inform DER -in certnew.p7b -out cert-chain.pem
In this command, certnew.p7b is the PKCS#7-encoded certificate chain you received from AD CS, and cert-chain.pem is the desired output file.