Nominative signature is an useful cryptographic primitive to limit the publicly verifiable property of ordinary digital signature. In a nominative signature scheme, a nominator and a nominee jointly generate a signature in such a way that only the nominee can check the validity of the signature and further convince a third party of the fact. An extended concept, convertible nominative signature, equips the nominee with the additional ability to convert a nominative signature into a publicly verifiable one. In this paper, we propose a convertible nominative signature scheme based on RSA signature. The security of our scheme is formally proven in the random oracle model under some well-known complexity assumptions.