diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index 1e7cc76c2..b28e98e28 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -38,10 +38,8 @@
 #include
-#ifndef WOLFSSL_PEMCERT_TODER_DEFINED
 #ifndef NO_FILESYSTEM
- #define CyaSSL_PemCertToDer wolfSSL_PemCertToDer
-#endif
+ #define CyaSSL_PemCertToDer wc_PemCertToDer
 #endif
 #endif /* CTAO_CRYPT_ASN_H */
diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index f593ac538..37b9a275d 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -657,7 +657,6 @@
 /* OpenSSL Compatibility Layer */
-#define CyaSSL_PemCertToDer wolfSSL_PemCertToDer
 #define CyaSSL_get_sessionID wolfSSL_get_sessionID
 #define CyaSSL_get_peer_count wolfSSL_get_peer_count
 #define CyaSSL_get_chain_cert wolfSSL_get_chain_cert
diff --git a/doc/dox_comments/header_files/asn.h b/doc/dox_comments/header_files/asn.h
index 1a8f2aaa5..e69de29bb 100644
--- a/doc/dox_comments/header_files/asn.h
+++ b/doc/dox_comments/header_files/asn.h
@@ -1,34 +0,0 @@ -/*! - \ingroup ASN - - \brief This function converts a pem certificate to a der certificate, - and places the resulting certificate in the derBuf buffer provided. - - \return Success On success returns the size of the derBuf generated - \return BUFFER_E Returned if the size of derBuf is too small to hold - the certificate generated - \return MEMORY_E Returned if the call to XMALLOC fails - - \param fileName path to the file containing a pem certificate to - convert to a der certificate - \param derBuf pointer to a char buffer in which to store the - converted certificate - \param derSz size of the char buffer in which to store the - converted certificate - - _Example_ - \code - char * file = “./certs/client-cert.pem”; - int derSz; - byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); - - derSz = wolfsSSL_PemCertToDer(file, der, EIGHTK_BUF); - if(derSz <= 0) { - //PemCertToDer error - } - \endcode - - \sa none -*/ -WOLFSSL_API -int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz); diff --git a/doc/dox_comments/header_files/asn_public.h b/doc/dox_comments/header_files/asn_public.h index c36bc769e..a3a6c4ed2 100644 --- a/doc/dox_comments/header_files/asn_public.h +++ b/doc/dox_comments/header_files/asn_public.h @@ -913,11 +913,11 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); \sa wc_InitCert \sa wc_MakeCert */ - WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, - const byte* ntruKey, word16 keySz, - WC_RNG*); +WOLFSSL_API int wc_MakeNtruCert(Cert*, byte* derBuffer, word32 derSz, + const byte* ntruKey, word16 keySz, + WC_RNG*); /*! - \ingroup Keys + \ingroup ASN \brief Loads a PEM key from a file and converts to a DER encoded buffer. 
@@ -936,18 +936,18 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); char* some_file = "filename"; unsigned char der[]; - if(wolfSSL_PemPubKeyToDer(some_file, der, sizeof(der)) != 0) + if(wc_PemPubKeyToDer(some_file, der, sizeof(der)) != 0) { //Handle Error } \endcode - \sa wolfSSL_PubKeyPemToDer + \sa wc_PubKeyPemToDer */ - WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz); +WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); /*! - \ingroup Keys + \ingroup ASN \brief Convert a PEM encoded public key to DER. Returns the number of bytes written to the buffer or a negative value for an error. 
@@ -966,17 +966,53 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); byte some_pem[] = { Initialize with PEM key } unsigned char out_buffer[1024]; // Ensure buffer is large enough to fit DER - if(wolfSSL_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer, + if(wc_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer, sizeof(out_buffer)) < 0) { // Handle error } \endcode - \sa wolfSSL_PemPubKeyToDer + \sa wc_PemPubKeyToDer */ - WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); +WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); + +/*! + \ingroup ASN + + \brief This function converts a pem certificate to a der certificate, + and places the resulting certificate in the derBuf buffer provided. + + \return Success On success returns the size of the derBuf generated + \return BUFFER_E Returned if the size of derBuf is too small to hold + the certificate generated + \return MEMORY_E Returned if the call to XMALLOC fails + + \param fileName path to the file containing a pem certificate to + convert to a der certificate + \param derBuf pointer to a char buffer in which to store the + converted certificate + \param derSz size of the char buffer in which to store the + converted certificate + + _Example_ + \code + char * file = “./certs/client-cert.pem”; + int derSz; + byte * der = (byte*)XMALLOC(EIGHTK_BUF, NULL, DYNAMIC_TYPE_CERT); + + derSz = wc_PemCertToDer(file, der, EIGHTK_BUF); + if(derSz <= 0) { + //PemCertToDer error + } + \endcode + + \sa none +*/ +WOLFSSL_API +int wc_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz); + /*! \ingroup ASN @@ -1015,7 +1051,7 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); pemSz = wc_DerToPem(der, derSz,pemFormatted,FOURK_BUF, CERT_TYPE); \endcode - \sa wolfSSL_PemCertToDer + \sa wc_PemCertToDer */ WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz, int type); 
@@ -1059,10 +1095,108 @@ WOLFSSL_API int wc_SetKeyUsage(Cert *cert, const char *value); pemSz = wc_DerToPemEx(der, derSz,pemFormatted,FOURK_BUF, ,CERT_TYPE); \endcode - \sa wolfSSL_PemCertToDer + \sa wc_PemCertToDer */ WOLFSSL_API int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outputSz, byte *cipherIno, int type); + +/*! + \ingroup CertsKeys + + \brief Converts a key in PEM format to DER format. + + \return int the function returns the number of bytes written to + the buffer on successful execution. + \return int negative int returned indicating an error. + + \param pem a pointer to the PEM encoded certificate. + \param pemSz the size of the PEM buffer (pem) + \param buff a pointer to the copy of the buffer member of the + DerBuffer struct. + \param buffSz size of the buffer space allocated in the DerBuffer struct. + \param pass password passed into the function. + + _Example_ + \code + byte* loadBuf; + long fileSz = 0; + byte* bufSz; + static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, + const char* keyFile, + int typeKey, const char* pasword); + … + bufSz = wc_KeyPemToDer(loadBuf, (int)fileSz, saveBuf, + (int)fileSz, password); + + if(saveBufSz > 0){ + // Bytes were written to the buffer. + } + \endcode + + \sa wc_PemToDer +*/ +WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int, + unsigned char*, int, const char*); +/*! + \ingroup CertsKeys + + \brief This function converts a PEM formatted certificate to DER + format. Calls OpenSSL function PemToDer. + + \return buffer returns the bytes written to the buffer. + + \param pem pointer PEM formatted certificate. + \param pemSz size of the certificate. + \param buff buffer to be copied to DER format. + \param buffSz size of the buffer. + \param type Certificate file type found in asn_public.h enum CertType. + + _Example_ + \code + const unsigned char* pem; + int pemSz; + unsigned char buff[BUFSIZE]; + int buffSz = sizeof(buff)/sizeof(char); + int type; + ... 
+ if(wc_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) { + // There were bytes written to buffer + } + \endcode + + \sa wc_PemToDer +*/ +WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int, + unsigned char*, int, int); +/*! + \ingroup CertsKeys + + \brief Converts the PEM format to DER format. + + \return int an int type representing the bytes written to buffer. + \param <0 returned for an error. + \param BAD_FUNC_ARG returned if the DER length is incorrect or if the + pem buff, or buffSz arguments are NULL. + + _Example_ + \code + unsigned char* pem = “pem file”; + int pemSz = sizeof(pem)/sizeof(char); + unsigned char* buff; + int buffSz; + ... + if(wc_PubKeyPemToDer(pem, pemSz, buff, buffSz)!= SSL_SUCCESS){ + // Conversion was not successful + } + \endcode + + \sa wc_PubKeyPemToDer + \sa wc_PemPubKeyToDer + \sa wc_PemToDer +*/ + WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); + /*! \ingroup ASN diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index a512be754..f4d073815 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h 
@@ -1366,38 +1366,7 @@ WOLFSSL_API int wolfSSL_use_RSAPrivateKey_file(WOLFSSL*, const char*, int); \sa wolfSSL_use_certificate_chain_buffer */ WOLFSSL_API int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX*, const char*); -/*! - \ingroup openSSL - - \brief Loads the PEM certificate from fileName and converts it into DER - format, placing the result into derBuffer which is of size derSz. - - \return Success If successful the call will return the number of bytes - written to derBuffer. - \return SSL_BAD_FILE will be returned if the file doesn’t exist, can’t be - read, or is corrupted. - \return MEMORY_E will be returned if an out of memory condition occurs. - \return SSL_NO_PEM_HEADER will be returned if the PEM certificate header - can’t be found. - \return BUFFER_E will be returned if a chain buffer is bigger than the - receiving buffer. - - \param filename pointer to the name of the PEM-formatted certificate for - conversion. - \param derBuffer the buffer for which the converted PEM certificate will - be placed in DER format. - \param derSz size of derBuffer. - - _Example_ - \code - int derSz; - byte derBuf[...]; - derSz = wolfSSL_PemCertToDer(“./cert.pem”, derBuf, sizeof(derBuf)); - \endcode - - \sa SSL_get_peer_certificate -*/ - WOLFSSL_API int wolfSSL_PemCertToDer(const char*, unsigned char*, int); + /*! \ingroup Setup 
@@ -7193,102 +7162,7 @@ WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); \sa wolfSSL_CTX_new */ WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); -/*! - \ingroup CertsKeys - \brief Converts a key in PEM format to DER format. - - \return int the function returns the number of bytes written to - the buffer on successful execution. - \return int negative int returned indicating an error. - - \param pem a pointer to the PEM encoded certificate. - \param pemSz the size of the PEM buffer (pem) - \param buff a pointer to the copy of the buffer member of the - DerBuffer struct. - \param buffSz size of the buffer space allocated in the DerBuffer struct. - \param pass password passed into the function. - - _Example_ - \code - byte* loadBuf; - long fileSz = 0; - byte* bufSz; - static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, - const char* keyFile, - int typeKey, const char* pasword); - … - bufSz = wolfSSL_KeyPemToDer(loadBuf, (int)fileSz, saveBuf, - (int)fileSz, password); - - if(saveBufSz > 0){ - // Bytes were written to the buffer. - } - \endcode - - \sa PemToDer -*/ -WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, - unsigned char*, int, const char*); -/*! - \ingroup CertsKeys - - \brief This function converts a PEM formatted certificate to DER - format. Calls OpenSSL function PemToDer. - - \return buffer returns the bytes written to the buffer. - - \param pem pointer PEM formatted certificate. - \param pemSz size of the certificate. - \param buff buffer to be copied to DER format. - \param buffSz size of the buffer. - \param type Certificate file type found in asn_public.h enum CertType. - - _Example_ - \code - const unsigned char* pem; - int pemSz; - unsigned char buff[BUFSIZE]; - int buffSz = sizeof(buff)/sizeof(char); - int type; - ... 
- if(wolfSSL_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) { - // There were bytes written to buffer - } - \endcode - - \sa PemToDer -*/ -WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int, - unsigned char*, int, int); -/*! - \ingroup CertsKeys - - \brief Converts the PEM format to DER format. - - \return int an int type representing the bytes written to buffer. - \param <0 returned for an error. - \param BAD_FUNC_ARG returned if the DER length is incorrect or if the - pem buff, or buffSz arguments are NULL. - - _Example_ - \code - unsigned char* pem = “pem file”; - int pemSz = sizeof(pem)/sizeof(char); - unsigned char* buff; - int buffSz; - ... - if(wolfSSL_PubKeyPemToDer(pem, pemSz, buff, buffSz)!= SSL_SUCCESS){ - // Conversion was not successful - } - \endcode - - \sa wolfSSL_PubKeyPemToDer - \sa wolfSSL_PemPubKeyToDer - \sa PemToDer -*/ - WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); /*! \brief Allows caller to set the Atomic User Record Processing Mac/Encrypt Callback. The callback should return 0 for success diff --git a/src/crl.c b/src/crl.c index 338ac1a40..790c2f962 100644 --- a/src/crl.c +++ b/src/crl.c @@ -442,6 +442,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, return BAD_FUNC_ARG; if (type == WOLFSSL_FILETYPE_PEM) { + #ifdef WOLFSSL_PEM_TO_DER ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, NULL, NULL); if (ret == 0) { myBuffer = der->buffer; @@ -452,6 +453,9 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, FreeDer(&der); return -1; } + #else + ret = NOT_COMPILED_IN; + #endif } #ifdef WOLFSSL_SMALL_STACK diff --git a/src/sniffer.c b/src/sniffer.c index f619b0d2f..9f27ee97f 100644 --- a/src/sniffer.c +++ b/src/sniffer.c 
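Review bot: In BufferLoadCRL the new `#else` branch sets `ret = NOT_COMPILED_IN` but, unlike the PemToDer failure path just above it that frees `der` and returns -1, it does not leave the function. Whether the code after the hunk checks `ret` before decoding `myBuffer` is not visible here; if it does not, a build without WOLFSSL_PEM_TO_DER would go on to parse the raw PEM bytes as DER. Returning on the stub path, `return NOT_COMPILED_IN;`, would match the existing PEM error path. The function continues outside the hunk.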
@@ -1189,7 +1189,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz,
 ret = -1;
 if (saveBuf != NULL) {
- saveBufSz = wolfSSL_KeyPemToDer(loadBuf, (int)fileSz,
+ saveBufSz = wc_KeyPemToDer(loadBuf, (int)fileSz,
 saveBuf, (int)fileSz, password);
 if (saveBufSz < 0) {
 saveBufSz = 0;
diff --git a/src/ssl.c b/src/ssl.c
index ac7c271c7..48a9513d5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3040,47 +3040,6 @@ int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm)
 }
 #endif /* WOLFSSL_TRUST_PEER_CERT */
-
-/* Return bytes written to buff or < 0 for error */
-int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
- unsigned char* buff, int buffSz, int type)
-{
- int eccKey = 0;
- int ret;
- DerBuffer* der = NULL;
-
- WOLFSSL_ENTER("wolfSSL_CertPemToDer");
-
- if (pem == NULL || buff == NULL || buffSz <= 0) {
- WOLFSSL_MSG("Bad pem der args");
- return BAD_FUNC_ARG;
- }
-
- if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
- WOLFSSL_MSG("Bad cert type");
- return BAD_FUNC_ARG;
- }
-
-
- ret = PemToDer(pem, pemSz, type, &der, NULL, NULL, &eccKey);
- if (ret < 0) {
- WOLFSSL_MSG("Bad Pem To Der");
- }
- else {
- if (der->length <= (word32)buffSz) {
- XMEMCPY(buff, der->buffer, der->length);
- ret = der->length;
- }
- else {
- WOLFSSL_MSG("Bad der length");
- ret = BAD_FUNC_ARG;
- }
- }
-
- FreeDer(&der);
- return ret;
-}
-
 #endif /* NO_CERTS */
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
@@ -3413,78 +3372,6 @@ void wolfSSL_EVP_init(void)
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */
-#ifndef NO_CERTS
-
-/* our KeyPemToDer password callback, password in userData */
-static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
-{
- (void)rw;
-
- if (userdata == NULL)
- return 0;
-
- XSTRNCPY(passwd, (char*)userdata, sz);
- return min((word32)sz, (word32)XSTRLEN((char*)userdata));
-}
-
-/* Return bytes written to buff or < 0 for error */
-int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz,
- unsigned char* buff, int buffSz, const char* pass)
-{
- int eccKey = 0;
- int ret;
- DerBuffer* der = NULL;
-#ifdef WOLFSSL_SMALL_STACK
- EncryptedInfo* info = NULL;
-#else
- EncryptedInfo info[1];
-#endif
-
- WOLFSSL_ENTER("wolfSSL_KeyPemToDer");
-
- if (pem == NULL || buff == NULL || buffSz <= 0) {
- WOLFSSL_MSG("Bad pem der args");
- return BAD_FUNC_ARG;
- }
-
-#ifdef WOLFSSL_SMALL_STACK
- info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
- DYNAMIC_TYPE_ENCRYPTEDINFO);
- if (info == NULL)
- return MEMORY_E;
-#endif
-
- XMEMSET(info, 0, sizeof(EncryptedInfo));
- info->passwd_cb = OurPasswordCb;
- info->passwd_userdata = (void*)pass;
-
- ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);
-
-#ifdef WOLFSSL_SMALL_STACK
- XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
-#endif
-
- if (ret < 0) {
- WOLFSSL_MSG("Bad Pem To Der");
- }
- else {
- if (der->length <= (word32)buffSz) {
- XMEMCPY(buff, der->buffer, der->length);
- ret = der->length;
- }
- else {
- WOLFSSL_MSG("Bad der length");
- ret = BAD_FUNC_ARG;
- }
- }
-
- FreeDer(&der);
- return ret;
-}
-
-#endif /* !NO_CERTS */
-
-
 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
 void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
@@ -4385,14 +4272,17 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
 WOLFSSL_MSG("Processing Cert Chain");
 while (consumed < sz) {
- int eccKey = 0;
 DerBuffer* part = NULL;
 word32 remain = (word32)(sz - consumed);
 info->consumed = 0;
 if (format == WOLFSSL_FILETYPE_PEM) {
+ #ifdef WOLFSSL_PEM_TO_DER
 ret = PemToDer(buff + consumed, remain, type, &part,
- heap, info, &eccKey);
+ heap, info, NULL);
+ #else
+ ret = NOT_COMPILED_IN;
+ #endif
 }
 else {
 int length = remain;
@@ -4532,9 +4422,14 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 #endif
 if (format == WOLFSSL_FILETYPE_PEM) {
+ #ifdef WOLFSSL_PEM_TO_DER
 ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
+ #else
+ ret = NOT_COMPILED_IN;
+ #endif
 }
- else { /* ASN1 (DER) or RAW (NTRU) */
+ else {
+ /* ASN1 (DER) or RAW (NTRU) */
 int length = (int)sz;
 if (format == WOLFSSL_FILETYPE_ASN1) {
 /* get length of der (read sequence) */
@@ -4544,7 +4439,9 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
 }
 length += inOutIdx; /* include leading squence */
 }
+
 info->consumed = length;
+
 if (ret == 0) {
 ret = AllocDer(&der, (word32)length, type, heap);
 if (ret == 0) {
@@ -5303,6 +5200,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
 #endif
 if (format == WOLFSSL_FILETYPE_PEM) {
+#ifdef WOLFSSL_PEM_TO_DER
 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL);
 if (ret != 0) {
 FreeDer(&der);
@@ -5312,9 +5210,13 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
 return ret;
 }
 InitDecodedCert(cert, der->buffer, der->length, cm->heap);
+#else
+ ret = NOT_COMPILED_IN;
+#endif
 }
- else
+ else {
 InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);
+ }
 if (ret == 0)
 ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);
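Review bot: In ProcessUserChain the `#else` branch assigns `ret = NOT_COMPILED_IN` inside the `while (consumed < sz)` loop without advancing `consumed` or leaving the loop; whether the loop body below the hunk exits on a non-zero `ret` is not visible here, so please confirm it does, otherwise a PEM chain in a build without WOLFSSL_PEM_TO_DER would never terminate. Making the exit explicit on the stub path, `ret = NOT_COMPILED_IN; break;`, keeps it independent of whatever checks follow. The loop body continues past the hunk.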
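Review bot: In wolfSSL_CertManagerVerifyBuffer the `#else` branch sets `ret = NOT_COMPILED_IN` but skips the InitDecodedCert call that both the PEM path and the DER `else` branch otherwise perform, so `cert` is left uninitialized on that path; if the cleanup after the hunk calls FreeDecodedCert on it unconditionally (not visible here), that would operate on an uninitialized struct. Either return before `cert` is set up, or initialise it on the stub path too, e.g. `InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap); ret = NOT_COMPILED_IN;`, so the cleanup sees the same state on every path. The function's cleanup lies outside the hunk.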
@@ -6412,12 +6314,12 @@ static int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
 WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
 WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey)
 {
+ WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
+#ifdef WOLFSSL_PEM_TO_DER
 unsigned char* mem;
 int memSz;
 int keySz;
- WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8;
-
 WOLFSSL_MSG("wolfSSL_d2i_PKCS8_PKEY_bio()");
 if (bio == NULL) {
@@ -6428,7 +6330,7 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
 return NULL;
 }
- if ((keySz = wolfSSL_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) {
+ if ((keySz = wc_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) {
 WOLFSSL_MSG("Not PEM format");
 keySz = memSz;
 if ((keySz = ToTraditional((byte*)mem, (word32)keySz)) < 0) {
@@ -6448,6 +6350,10 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
 if (pkey != NULL) {
 *pkey = pkcs8;
 }
+#else
+ (void)bio;
+ (void)pkey;
+#endif /* WOLFSSL_PEM_TO_DER */
 return pkcs8;
 }
@@ -7353,42 +7259,6 @@ int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
 #endif /* NO_FILESYSTEM */
-#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
-/* Return bytes written to buff or < 0 for error */
-int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz,
- unsigned char* buff, int buffSz)
-{
- int ret;
- DerBuffer* der = NULL;
-
- WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer");
-
- if (pem == NULL || buff == NULL || buffSz <= 0) {
- WOLFSSL_MSG("Bad pem der args");
- return BAD_FUNC_ARG;
- }
-
- ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);
- if (ret < 0) {
- WOLFSSL_MSG("Bad Pem To Der");
- }
- else {
- if (der->length <= (word32)buffSz) {
- XMEMCPY(buff, der->buffer, der->length);
- ret = der->length;
- }
- else {
- WOLFSSL_MSG("Bad der length");
- ret = BAD_FUNC_ARG;
- }
- }
-
- FreeDer(&der);
- return ret;
-}
-#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */
-
-
 void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
 {
 WOLFSSL_ENTER("wolfSSL_CTX_set_verify");
@@ -10735,17 +10605,21 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 ret = WOLFSSL_BAD_FILETYPE;
 else {
 if (format == WOLFSSL_FILETYPE_PEM) {
+#ifdef WOLFSSL_PEM_TO_DER
 FreeDer(&der);
 ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL, NULL);
-#ifdef WOLFSSL_WPAS
- #ifndef NO_DSA
+ #ifdef WOLFSSL_WPAS
+ #ifndef NO_DSA
 if (ret < 0) {
 ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, ctx->heap, NULL, NULL);
 }
- #endif
-#endif
+ #endif
+ #endif /* WOLFSSL_WPAS */
+#else
+ ret = NOT_COMPILED_IN;
+#endif /* WOLFSSL_PEM_TO_DER */
 }
 if (ret == 0) {
@@ -14987,9 +14861,13 @@ WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
 WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex");
 if (format == WOLFSSL_FILETYPE_PEM) {
+ #ifdef WOLFSSL_PEM_TO_DER
 if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, NULL, NULL) != 0) {
 FreeDer(&der);
 }
+ #else
+ ret = NOT_COMPILED_IN;
+ #endif
 }
 else {
 ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL);
@@ -17146,7 +17024,8 @@ int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir,
 int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, const char* file, long type)
 {
-#ifndef NO_FILESYSTEM
+#if !defined(NO_FILESYSTEM) && \
+ (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
 int ret = WOLFSSL_FAILURE;
 XFILE fp;
 long sz;
@@ -25038,7 +24917,8 @@ void *wolfSSL_OPENSSL_malloc(size_t a)
 {
 return XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL);
 }
-#if defined(WOLFSSL_KEY_GEN)
+
+#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
 static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
 unsigned char* passwd, int passwdSz, byte **cipherInfo)
@@ -25135,7 +25015,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
 return WOLFSSL_SUCCESS;
 }
-#endif /* WOLFSSL_KEY_GEN */
+#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
 /* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO
@@ -25285,7 +25165,8 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
 }
 #endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
+ (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
 /* return code compliant with OpenSSL :
 * 1 if success, 0 if error
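Review bot: In wolfSSL_X509_load_certificate_buffer the two sides of the new `#ifdef` signal failure differently: the PEM path discards PemToDer's return value and only nulls `der` through FreeDer, while the `#else` path sets `ret = NOT_COMPILED_IN` and never touches `der`. Whichever of `ret` or `der` the code after the hunk tests, one of the two paths risks not being seen as an error; capturing the status, `ret = PemToDer(buf, sz, CERT_TYPE, &der, NULL, NULL, NULL); if (ret != 0) { FreeDer(&der); }`, puts both paths on the `ret` convention the DER branch already uses with AllocDer. The function body continues outside the hunk.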
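Review bot: The closing comment `#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */` no longer matches the condition it closes, `#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)` in the preceding hunk; it should read `#endif /* WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */`. The same drift appears in the `@@ -25441` hunk of this file, where `#endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */` omits the `|| WOLFSSL_DER_TO_PEM` alternative that the guard opened at the end of this hunk carries. Mismatched `#endif` comments are a common source of mis-nested guards in later edits, so they are worth keeping exact.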
@@ -25441,7 +25322,8 @@ int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
 return WOLFSSL_SUCCESS;
 }
 #endif /* NO_FILESYSTEM */
-#endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */
+#endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */
+
 #ifdef HAVE_ECC
@@ -26746,6 +26628,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
 unsigned char* passwd, int passwdSz,
 unsigned char **pem, int *plen)
 {
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
 byte *derBuf, *tmp, *cipherInfo = NULL;
 int der_max_len = 0, derSz = 0;
 const int type = ECC_PRIVATEKEY_TYPE;
@@ -26850,6 +26733,15 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
 XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
 return WOLFSSL_SUCCESS;
+#else
+ (void)ecc;
+ (void)cipher;
+ (void)passwd;
+ (void)passwdSz;
+ (void)pem;
+ (void)plen;
+ return WOLFSSL_FAILURE;
+#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
 }
 #ifndef NO_FILESYSTEM
@@ -26929,6 +26821,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
 unsigned char* passwd, int passwdSz,
 unsigned char **pem, int *plen)
 {
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
 byte *derBuf, *tmp, *cipherInfo = NULL;
 int der_max_len = 0, derSz = 0;
 const int type = DSA_PRIVATEKEY_TYPE;
@@ -27033,6 +26926,15 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
 XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
 return WOLFSSL_SUCCESS;
+#else
+ (void)dsa;
+ (void)cipher;
+ (void)passwd;
+ (void)passwdSz;
+ (void)pem;
+ (void)plen;
+ return WOLFSSL_FAILURE;
+#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
 }
 #ifndef NO_FILESYSTEM
@@ -27618,6 +27520,7 @@ WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
 int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
 unsigned char* buf, int inLen, int* outLen)
 {
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
 const char* header = NULL;
 const char* footer = NULL;
 int headerLen;
@@ -27671,6 +27574,14 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
 *outLen += headerLen + footerLen;
 return WOLFSSL_SUCCESS;
+#else
+ (void)chain;
+ (void)idx;
+ (void)buf;
+ (void)inLen;
+ (void)outLen;
+ return WOLFSSL_FAILURE;
+#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
 }
@@ -28257,6 +28168,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 pem_password_cb *cb, void *u)
 {
 WOLFSSL_X509* x509 = NULL;
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
 unsigned char* pem = NULL;
 int pemSz;
 long i = 0, l;
@@ -28292,7 +28204,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 #else
 WOLFSSL_MSG("Unable to read file with NO_FILESYSTEM defined");
 return NULL;
-#endif
+#endif /* !NO_FILESYSTEM */
 }
 else
 return NULL;
@@ -28336,6 +28248,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
+#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
+ (void)bp;
+ (void)x;
 (void)cb;
 (void)u;
diff --git a/tests/api.c b/tests/api.c
index 96521fddd..acbe9a6bc 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -2926,11 +2926,11 @@ static void test_wolfSSL_PKCS8(void)
 wolfSSL_CTX_free(ctx);
 /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
- AssertIntGT(wolfSSL_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "yassl123"),
+ AssertIntGT(wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "yassl123"),
 0);
 /* test that error value is returned with a bad password */
- AssertIntLT(wolfSSL_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "bad"), 0);
+ AssertIntLT(wc_KeyPemToDer(buffer, bytes, der, FOURK_BUF, "bad"), 0);
 printf(resultFmt, passed);
 #endif /* OPENSSL_EXTRA */
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 6f957befd..aac691823 100755
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7083,6 +7083,63 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx,
 }
+int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
+{
+ int ret = BAD_FUNC_ARG;
+ if (pDer) {
+ int dynType = 0;
+ DerBuffer* der;
+
+ /* Determine dynamic type */
+ switch (type) {
+ case CA_TYPE: dynType = DYNAMIC_TYPE_CA; break;
+ case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break;
+ case CRL_TYPE: dynType = DYNAMIC_TYPE_CRL; break;
+ case DSA_TYPE: dynType = DYNAMIC_TYPE_DSA; break;
+ case ECC_TYPE: dynType = DYNAMIC_TYPE_ECC; break;
+ case RSA_TYPE: dynType = DYNAMIC_TYPE_RSA; break;
+ default: dynType = DYNAMIC_TYPE_KEY; break;
+ }
+
+ /* Setup new buffer */
+ *pDer = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + length, heap, dynType);
+ if (*pDer == NULL) {
+ return MEMORY_E;
+ }
+ XMEMSET(*pDer, 0, sizeof(DerBuffer) + length);
+
+ der = *pDer;
+ der->type = type;
+ der->dynType = dynType; /* Cache this for FreeDer */
+ der->heap = heap;
+ der->buffer = (byte*)der + sizeof(DerBuffer);
+ der->length = length;
+ ret = 0; /* Success */
+ }
+ return ret;
+}
+
+void FreeDer(DerBuffer** pDer)
+{
+ if (pDer && *pDer)
+ {
+ DerBuffer* der = (DerBuffer*)*pDer;
+
+ /* ForceZero private keys */
+ if (der->type == PRIVATEKEY_TYPE) {
+ ForceZero(der->buffer, der->length);
+ }
+ der->buffer = NULL;
+ der->length = 0;
+ XFREE(der, der->heap, der->dynType);
+
+ *pDer = NULL;
+ }
+}
+
+
+#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
+
 /* Max X509 header length indicates the max length + 2 ('\n', '\0') */
 #define MAX_X509_HEADER_SZ (37 + 2)
@@ -7209,6 +7266,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
 static const char* const kProcTypeHeader = "Proc-Type";
 static const char* const kDecInfoHeader = "DEK-Info";
+#ifdef WOLFSSL_PEM_TO_DER
 #ifndef NO_DES3
 static const char* const kEncTypeDes = "DES-CBC";
 static const char* const kEncTypeDes3 = "DES-EDE3-CBC";
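Review bot: FreeDer, now moved into asn.c, zeroizes the buffer only when `der->type == PRIVATEKEY_TYPE`; any other type is released with a plain XFREE. This diff itself uses `ECC_PRIVATEKEY_TYPE` and `DSA_PRIVATEKEY_TYPE` as DER type constants in ssl.c, so if a DerBuffer is ever allocated with one of those types (not visible here) its key bytes would be freed unscrubbed; widening the check, `if (der->type == PRIVATEKEY_TYPE || der->type == ECC_PRIVATEKEY_TYPE || der->type == DSA_PRIVATEKEY_TYPE) {`, closes that gap cheaply. Separately, AllocDer computes `sizeof(DerBuffer) + length` from a word32 `length` in size_t; on a 32-bit target a length near the word32 maximum wraps to a small allocation that `der->length` then overstates, so an upper bound on `length` (a project-chosen limit, placeholder DER_MAX_LEN) checked before the XMALLOC is worth adding. Both functions are moved verbatim, so these points predate the commit.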
@@ -7372,6 +7430,7 @@ static int wc_EncryptedInfoParse(EncryptedInfo* info,
 return err;
 }
+#endif /* WOLFSSL_PEM_TO_DER */
 #ifdef WOLFSSL_DER_TO_PEM
 static int wc_EncryptedInfoAppend(char* dest, char* cipherInfo)
@@ -7536,59 +7595,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
 #endif /* WOLFSSL_DER_TO_PEM */
-int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
-{
- int ret = BAD_FUNC_ARG;
- if (pDer) {
- int dynType = 0;
- DerBuffer* der;
-
- /* Determine dynamic type */
- switch (type) {
- case CA_TYPE: dynType = DYNAMIC_TYPE_CA; break;
- case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break;
- case CRL_TYPE: dynType = DYNAMIC_TYPE_CRL; break;
- case DSA_TYPE: dynType = DYNAMIC_TYPE_DSA; break;
- case ECC_TYPE: dynType = DYNAMIC_TYPE_ECC; break;
- case RSA_TYPE: dynType = DYNAMIC_TYPE_RSA; break;
- default: dynType = DYNAMIC_TYPE_KEY; break;
- }
-
- /* Setup new buffer */
- *pDer = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + length, heap, dynType);
- if (*pDer == NULL) {
- return MEMORY_E;
- }
- XMEMSET(*pDer, 0, sizeof(DerBuffer) + length);
-
- der = *pDer;
- der->type = type;
- der->dynType = dynType; /* Cache this for FreeDer */
- der->heap = heap;
- der->buffer = (byte*)der + sizeof(DerBuffer);
- der->length = length;
- ret = 0; /* Success */
- }
- return ret;
-}
-
-void FreeDer(DerBuffer** pDer)
-{
- if (pDer && *pDer)
- {
- DerBuffer* der = (DerBuffer*)*pDer;
-
- /* ForceZero private keys */
- if (der->type == PRIVATEKEY_TYPE) {
- ForceZero(der->buffer, der->length);
- }
- der->buffer = NULL;
- der->length = 0;
- XFREE(der, der->heap, der->dynType);
-
- *pDer = NULL;
- }
-}
+#ifdef WOLFSSL_PEM_TO_DER
 /* Remove PEM header/footer, convert to ASN1, store any encrypted data info->consumed tracks of PEM bytes consumed in case multiple parts */
@@ -7804,11 +7811,160 @@ int wc_PemToDer(const unsigned char* buff, long longSz, int type, } -#ifndef NO_FILESYSTEM -#ifdef WOLFSSL_CERT_GEN +/* our KeyPemToDer password callback, password in userData */ +static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata) +{ + (void)rw; + if (userdata == NULL) + return 0; + + XSTRNCPY(passwd, (char*)userdata, sz); + return min((word32)sz, (word32)XSTRLEN((char*)userdata)); +} + +/* Return bytes written to buff or < 0 for error */ +int wc_KeyPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz, const char* pass) +{ + int eccKey = 0; + int ret; + DerBuffer* der = NULL; +#ifdef WOLFSSL_SMALL_STACK + EncryptedInfo* info = NULL; +#else + EncryptedInfo info[1]; +#endif + + WOLFSSL_ENTER("wc_KeyPemToDer"); + + if (pem == NULL || buff == NULL || buffSz <= 0) { + WOLFSSL_MSG("Bad pem der args"); + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_SMALL_STACK + info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, + DYNAMIC_TYPE_ENCRYPTEDINFO); + if (info == NULL) + return MEMORY_E; +#endif + + XMEMSET(info, 0, sizeof(EncryptedInfo)); + info->passwd_cb = OurPasswordCb; + info->passwd_userdata = (void*)pass; + + ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); +#endif + + if (ret < 0) { + WOLFSSL_MSG("Bad Pem To Der"); + } + else { + if (der->length <= (word32)buffSz) { + XMEMCPY(buff, der->buffer, der->length); + ret = der->length; + } + else { + WOLFSSL_MSG("Bad der length"); + ret = BAD_FUNC_ARG; + } + } + + FreeDer(&der); + return ret; +} + + +/* Return bytes written to buff or < 0 for error */ +int wc_CertPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz, int type) +{ + int eccKey = 0; + int ret; + DerBuffer* der = NULL; + + WOLFSSL_ENTER("wc_CertPemToDer"); + + if (pem == NULL || buff == NULL || buffSz <= 0) { + WOLFSSL_MSG("Bad pem der args"); + return 
BAD_FUNC_ARG; + } + + if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) { + WOLFSSL_MSG("Bad cert type"); + return BAD_FUNC_ARG; + } + + + ret = PemToDer(pem, pemSz, type, &der, NULL, NULL, &eccKey); + if (ret < 0) { + WOLFSSL_MSG("Bad Pem To Der"); + } + else { + if (der->length <= (word32)buffSz) { + XMEMCPY(buff, der->buffer, der->length); + ret = der->length; + } + else { + WOLFSSL_MSG("Bad der length"); + ret = BAD_FUNC_ARG; + } + } + + FreeDer(&der); + return ret; +} + +#endif /* WOLFSSL_PEM_TO_DER */ +#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ + + +#ifndef NO_FILESYSTEM + +#ifdef WOLFSSL_PEM_TO_DER +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) +/* Return bytes written to buff or < 0 for error */ +int wc_PubKeyPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz) +{ + int ret; + DerBuffer* der = NULL; + + WOLFSSL_ENTER("wc_PubKeyPemToDer"); + + if (pem == NULL || buff == NULL || buffSz <= 0) { + WOLFSSL_MSG("Bad pem der args"); + return BAD_FUNC_ARG; + } + + ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL); + if (ret < 0) { + WOLFSSL_MSG("Bad Pem To Der"); + } + else { + if (der->length <= (word32)buffSz) { + XMEMCPY(buff, der->buffer, der->length); + ret = der->length; + } + else { + WOLFSSL_MSG("Bad der length"); + ret = BAD_FUNC_ARG; + } + } + + FreeDer(&der); + return ret; +} +#endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ +#endif /* WOLFSSL_PEM_TO_DER */ + +#ifdef WOLFSSL_CERT_GEN /* load pem cert from file into der buffer, return der size or error */ -int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) +int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) { #ifdef WOLFSSL_SMALL_STACK byte staticBuffer[1]; /* force XMALLOC */ 
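Review bot: `wc_PubKeyPemToDer` takes a PEM buffer rather than a file name, yet it is defined inside the new `#ifndef NO_FILESYSTEM` region, while the asn_public.h hunk declares it under only `WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER`; a `NO_FILESYSTEM` build with either of those enabled gets a declaration with no definition. It belongs next to `wc_KeyPemToDer`/`wc_CertPemToDer`, before the `#endif /* WOLFSSL_PEM_TO_DER */` that closes that block. Separately, `OurPasswordCb` copies with `XSTRNCPY(passwd, (char*)userdata, sz)` and returns `min(sz, strlen)`, so a password of `sz` bytes or more is silently truncated and `passwd` is left without a terminator; whether the consumer reads it as a C string is not visible here, but either way the decryption failure that follows gives no hint that the callback truncated. Rejecting it up front with `if (XSTRLEN((char*)userdata) >= (size_t)sz) return 0; /* does not fit: treat as no password */` before the copy makes that explicit and lets `XSTRNCPY` pad with NUL. None of the three wrappers validates `pemSz`, so a zero or negative length relies on `PemToDer` catching it.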
@@ -7822,7 +7978,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) XFILE file = XFOPEN(fileName, "rb"); DerBuffer* converted = NULL; - WOLFSSL_ENTER("wolfSSL_PemCertToDer"); + WOLFSSL_ENTER("wc_PemCertToDer"); if (file == XBADFILE) { ret = BUFFER_E;
@@ -7851,9 +8007,11 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) { ret = BUFFER_E; } + #ifdef WOLFSSL_PEM_TO_DER else { ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, NULL,NULL); } + #endif if (ret == 0) { if (converted->length < (word32)derSz) {
@@ -7874,12 +8032,11 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) return ret; } - #endif /* WOLFSSL_CERT_GEN */ #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) /* load pem public key from file into der buffer, return der size or error */ -int wolfSSL_PemPubKeyToDer(const char* fileName, +int wc_PemPubKeyToDer(const char* fileName, unsigned char* derBuf, int derSz) { #ifdef WOLFSSL_SMALL_STACK
@@ -7894,7 +8051,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, XFILE file = XFOPEN(fileName, "rb"); DerBuffer* converted = NULL; - WOLFSSL_ENTER("wolfSSL_PemPubKeyToDer"); + WOLFSSL_ENTER("wc_PemPubKeyToDer"); if (file == XBADFILE) { ret = BUFFER_E;
@@ -7919,11 +8076,15 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, dynamic = 1; } if (ret == 0) { - if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) + if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) { ret = BUFFER_E; - else + } + #ifdef WOLFSSL_PEM_TO_DER + else { ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted, 0, NULL, NULL); + } + #endif if (ret == 0) { if (converted->length < (word32)derSz) {
@@ -7945,6 +8106,7 @@ int wolfSSL_PemPubKeyToDer(const char* fileName, return ret; } #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ + #endif /* !NO_FILESYSTEM */
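Review bot: With `WOLFSSL_PEM_TO_DER` undefined (a `WOLFSSL_NO_PEM` build, per the settings.h hunk), a successful `XFREAD` leaves `ret == 0` in `wc_PemCertToDer` and the following `if (ret == 0) { if (converted->length < ...` dereferences `converted`, which is still NULL; the `wc_PemPubKeyToDer` hunk at 7919 has the same shape. The new `#ifdef` needs an alternative that records an error, `#else` / `else { ret = NOT_COMPILED_IN; }` before the existing `#endif`, or these file-loading functions should be compiled out together with the conversion they depend on. Both enclosing functions start and end outside their hunks.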
@@ -10714,7 +10876,7 @@ int wc_SetSubjectKeyId(Cert *cert, const char* file) return MEMORY_E; } - derSz = wolfSSL_PemPubKeyToDer(file, der, MAX_PUBLIC_KEY_SZ); + derSz = wc_PemPubKeyToDer(file, der, MAX_PUBLIC_KEY_SZ); if (derSz <= 0) { XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
@@ -10876,7 +11038,7 @@ int wc_SetAuthKeyId(Cert *cert, const char* file) return MEMORY_E; } - derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF); + derSz = wc_PemCertToDer(file, der, EIGHTK_BUF); if (derSz <= 0) { XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
@@ -11300,7 +11462,7 @@ int wc_SetIssuer(Cert* cert, const char* issuerFile) WOLFSSL_MSG("wc_SetIssuer OOF Problem"); return MEMORY_E; } - derSz = wolfSSL_PemCertToDer(issuerFile, der, EIGHTK_BUF); + derSz = wc_PemCertToDer(issuerFile, der, EIGHTK_BUF); cert->selfSigned = 0; ret = SetNameFromCert(&cert->issuer, der, derSz); XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
@@ -11320,7 +11482,7 @@ int wc_SetSubject(Cert* cert, const char* subjectFile) WOLFSSL_MSG("wc_SetSubject OOF Problem"); return MEMORY_E; } - derSz = wolfSSL_PemCertToDer(subjectFile, der, EIGHTK_BUF); + derSz = wc_PemCertToDer(subjectFile, der, EIGHTK_BUF); ret = SetNameFromCert(&cert->subject, der, derSz); XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
@@ -11341,7 +11503,7 @@ int wc_SetAltNames(Cert* cert, const char* file) WOLFSSL_MSG("wc_SetAltNames OOF Problem"); return MEMORY_E; } - derSz = wolfSSL_PemCertToDer(file, der, EIGHTK_BUF); + derSz = wc_PemCertToDer(file, der, EIGHTK_BUF); ret = SetAltNamesFromCert(cert, der, derSz); XFREE(der, cert->heap, DYNAMIC_TYPE_CERT);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 880f3cd4b..6dfb19a01 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
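Review bot: In the `wc_SetIssuer`, `wc_SetSubject` and `wc_SetAltNames` hunks the renamed `wc_PemCertToDer` call is followed directly by `SetNameFromCert(..., der, derSz)` / `SetAltNamesFromCert(cert, der, derSz)` with no check that `derSz` is positive, unlike the `if (derSz <= 0)` guard in the `wc_SetSubjectKeyId` and `wc_SetAuthKeyId` hunks above; a failed conversion therefore hands a negative size and an unfilled buffer to the parser. `SetNameFromCert` is not visible, so it may reject the size itself, but the asymmetry is worth closing with the same guard, `if (derSz <= 0) { XFREE(der, cert->heap, DYNAMIC_TYPE_CERT); return derSz; }`. All five enclosing functions start and end outside their hunks.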
@@ -1042,12 +1042,12 @@ static int _SaveDerAndPem(const byte* der, int derSz, #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) FILE* pemFile; #endif - + #ifdef WOLFSSL_DER_TO_PEM pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType); if (pemSz < 0) { return errBase + 2; } - + #endif #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) pemFile = fopen(filePem, "wb"); if (!pemFile) {
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 244d0e086..ad7cc6696 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1702,10 +1702,14 @@ WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int); WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*); WOLFSSL_API int wolfSSL_GetVersion(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); -WOLFSSL_API int wolfSSL_KeyPemToDer(const unsigned char*, int, - unsigned char*, int, const char*); -WOLFSSL_API int wolfSSL_CertPemToDer(const unsigned char*, int, - unsigned char*, int, int); + +/* moved to asn.c, old names kept for backwards compatability */ +#define wolfSSL_KeyPemToDer wc_KeyPemToDer +#define wolfSSL_CertPemToDer wc_CertPemToDer +#define wolfSSL_PemPubKeyToDer wc_PemPubKeyToDer +#define wolfSSL_PubKeyPemToDer wc_PubKeyPemToDer +#define wolfSSL_PemCertToDer wc_PemCertToDer + typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CbMissingCRL)(const char* url);
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 04205cebc..3866dabd6 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1323,7 +1323,7 @@ static INLINE void OCSPRespFreeCb(void* ioCtx, unsigned char* response) return MEMORY_E; } - ret = wolfSSL_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL); + ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL); if (ret < 0) { free(buf); free(*derBuf);
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 803a4d7d9..a849bb9e5 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
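Review bot: When `WOLFSSL_DER_TO_PEM` is undefined the new `#ifdef` skips `wc_DerToPem`, but the temp-file code that follows still runs and writes `pemSz` bytes of `pem` as they were on entry; if the caller does not fill that buffer, the test writes uninitialized data to `filePem`. The PEM file open and write should sit under the same condition, or `_SaveDerAndPem` should return after saving the DER when PEM output is compiled out. `_SaveDerAndPem` starts before the hunk and its PEM write continues after it, so the exact place for the matching `#endif` is not visible here.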
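Review bot: The comment above the new alias block in wolfssl/ssl.h misspells compatibility; `/* moved to asn.c, old names kept for backwards compatibility */`. The aliases are unconditional while the `wc_*` declarations they expand to are now guarded by `WOLFSSL_PEM_TO_DER` (and `WOLFSSL_CERT_EXT`/`WOLFSSL_PUB_PEM_TO_DER`) in asn_public.h, so in a build without those options a caller of the old `wolfSSL_*` names now fails at compile time with an implicit-declaration error rather than at link time as the removed unconditional prototypes would have; a sentence in that comment saying the old names are only available when the corresponding option is enabled would save the next reader the search.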
@@ -340,16 +340,40 @@ WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz, #endif /* WOLFSSL_CERT_GEN */ +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + + WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header, + const char** footer); + +#endif + +#ifdef WOLFSSL_PEM_TO_DER + WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type, + DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey); + + WOLFSSL_API int wc_KeyPemToDer(const unsigned char*, int, + unsigned char*, int, const char*); + WOLFSSL_API int wc_CertPemToDer(const unsigned char*, int, + unsigned char*, int, int); +#endif /* WOLFSSL_PEM_TO_DER */ + #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER) #ifndef NO_FILESYSTEM - WOLFSSL_API int wolfSSL_PemPubKeyToDer(const char* fileName, - unsigned char* derBuf, int derSz); + WOLFSSL_API int wc_PemPubKeyToDer(const char* fileName, + unsigned char* derBuf, int derSz); #endif - WOLFSSL_API int wolfSSL_PubKeyPemToDer(const unsigned char*, int, - unsigned char*, int); + WOLFSSL_API int wc_PubKeyPemToDer(const unsigned char*, int, + unsigned char*, int); #endif /* WOLFSSL_CERT_EXT || WOLFSSL_PUB_PEM_TO_DER */ +#ifdef WOLFSSL_CERT_GEN + #ifndef NO_FILESYSTEM + WOLFSSL_API int wc_PemCertToDer(const char* fileName, + unsigned char* derBuf, int derSz); + #endif +#endif /* WOLFSSL_CERT_GEN */ + #ifdef WOLFSSL_DER_TO_PEM WOLFSSL_API int wc_DerToPem(const byte* der, word32 derSz, byte* output, word32 outputSz, int type); 
@@ -357,18 +381,6 @@ WOLFSSL_API int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz, word32 outputSz, byte *cipherIno, int type); #endif -WOLFSSL_API int wc_PemGetHeaderFooter(int type, const char** header, - const char** footer); -WOLFSSL_API int wc_PemToDer(const unsigned char* buff, long longSz, int type, - DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey); - -#ifdef WOLFSSL_CERT_GEN -#ifndef NO_FILESYSTEM - WOLFSSL_API int wolfSSL_PemCertToDer(const char* fileName, - unsigned char* derBuf, int derSz); -#endif -#endif /* WOLFSSL_CERT_GEN */ - #ifdef HAVE_ECC /* private key helpers */ WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index b7b561e00..e18a91679 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1666,6 +1666,13 @@ extern void uITRON4_free(void *p) ; #endif #endif +/* support for disabling PEM to DER */ +#if !defined(WOLFSSL_NO_PEM) + #undef WOLFSSL_PEM_TO_DER + #define WOLFSSL_PEM_TO_DER +#endif + + #ifdef __cplusplus } /* extern "C" */ #endif
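Review bot: The new settings.h block is documented only as `support for disabling PEM to DER`, which does not name the switch a user actually sets; `/* WOLFSSL_NO_PEM: opt out of PEM-to-DER support (wc_PemToDer and the wc_*PemToDer wrappers are compiled out) */` states it. The `#undef` immediately followed by `#define` also means `WOLFSSL_PEM_TO_DER` is forced on for every build that lacks `WOLFSSL_NO_PEM`, so defining or undefining `WOLFSSL_PEM_TO_DER` in a user config has no effect; that is worth a word in the same comment, since the macro name suggests it is the knob.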