Rate this article: 
(31 votes, average: 4.65)
Loading...
Here’s the ultimate answers to your PEM certificate file questions
After years of push by the browser and security communities, ordinary website owners have finally realized the importance of an SSL/TLS certificate. As a result, most website owners get an SSL certificate as soon as they build their website. But many are new to this territory, and could get hung up on some of the complexities of the cybersecurity world. One of those complexities could be the PEM certificate file. Therefore, in this post, we’ll be discussing what a PEM certificate file is and how you can create one.
Single Domain SSL Certificates — Save Up to 85%!
Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo single domain SSL certificates at up to 85% off.
A PEM Certificate File is…
Before we answer this question, let us tell you something. When you purchase a security certificate (typically, an SSL certificate), your certificate authority is supposed to send you the certificate – which is nothing but a bunch of files that includes a CA server certificate, intermediate certificate, and the private key. Usually, these files are encoded in a single file — “container,” as some call it – and sent through email. PEM (privacy enhanced mail) is one such container file type.
PEM is a container format for digital certificates and keys, most notably used by Apache and other web server platforms. In simpler words, it’s a file extension of a file that contains a bunch of certificate files. A PEM file is often used for X.509 certificates, and it’s a text file that consists of Base64 encoding of the certificate text, a plain-text header, and footer marking the beginning and end of the certificate. Here’s what it looks like:
# Private key
-----BEGIN PRIVATE KEY-----MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anGcmQxJjAkBgNVBAoTHVByb2dyZXNzIFNvZnR3YXJlIENvcnBvcmF0aW9uMSAwHgYDVQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD...bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhz3P668YfhUbKdRF6S42Cg6zn-----END PRIVATE KEY-----# Server CA certificate
-----BEGIN CERTIFICATE-----MIIFaDCCBFCgAwIBAgISESHkvZFwK9Qz0KsXD3x8p44aMA0GCSqGSIb3DQEBCwUAVQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMGPTyynn77hqcYnjWsMwOZDzdhVFY93s2OJntMbuKTHn39B...bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYIKwYBBQUHMAGGM2h0dHA6Ly9vY3NwlffygD5IymCSuuDim4qB/9bh7oi37heJ4ObpBIzroPUOthbG4gv/5blW3Dc=-----END CERTIFICATE-----# Trust chain intermediate certificate
-----BEGIN CERTIFICATE-----MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkGC33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchjSHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj...dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYBK1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=-----END CERTIFICATE-----# Trust chain root certificate
-----BEGIN CERTIFICATE-----MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkGYWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxTaWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ...jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9Lhji*zJrglfCm7ymPHMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==-----END CERTIFICATE-----How to Create a PEM Certificate File
Like some people, some servers also can be demanding. If your server is one of them and is asking you for a PEM file, then there’s no option but to meet its demand. But no need to worry as creating a PEM certificate file is as smooth as pie. Follow the below steps to do so:
- First, download intermediate certificate, root certificate, primary certificate, and private key files sent by your certificate authority.
- Now, open a text editor (such as Notepad) and paste the entire body of all certificates and private key in the below order:
- The Private Key
- The Primary Certificate
- The Intermediate Certificate
- The Root Certificate
- Add the starting and ending tags, as shown below:
-----BEGIN RSA PRIVATE KEY-----(Your Private Key)-----END RSA PRIVATE KEY----------BEGIN CERTIFICATE-----(Your Primary SSL certificate)-----END CERTIFICATE----------BEGIN CERTIFICATE-----(Your Intermediate certificate)-----END CERTIFICATE----------BEGIN CERTIFICATE-----(Your Root certificate)-----END CERTIFICATE-----3. Finally, save the file as your_domain_name.pem.
Congratulations! You just created a PEM certificate file on your own. Smooth as a pie, wasn’t it?
Save Up to 75% On
Comodo SSL Certificates
Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo SSL certificates at up to 75% off.
Related posts:
- How to Fix the NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN Google Chrome Error
- How to Install a Wildcard SSL Certificate on Apache
- Best WooCommerce SSL Provider — Get Up to 80% Off on WooCommerce SSL
- What Is a CA Signed Certificate & How Do I Get One?
- A SSL Certificate File Extension Explanation: PEM, PKCS7, DER, and PKCS#12
- What Is an RSA Algorithm in Cryptography?
- Revealed: The Most Trusted SSL Certificates for 2020
- Steps to Install a Windows SSL Certificate on Windows (IIS) Server
