What is a PEM Certificate File & How Do I Create a PEM File?

Rate this article: 1 Star2 Stars3 Stars4 Stars5 Stars (31 votes, average: 4.65)
Loading...

Here’s the ultimate answers to your PEM certificate file questions

After years of push by the browser and security communities, ordinary website owners have finally realized the importance of an SSL/TLS certificate. As a result, most website owners get an SSL certificate as soon as they build their website. But many are new to this territory, and could get hung up on some of the complexities of the cybersecurity world. One of those complexities could be the PEM certificate file. Therefore, in this post, we’ll be discussing what a PEM certificate file is and how you can create one.

SSL Certificate with Comodo Secure Logo

Single Domain SSL Certificates — Save Up to 85%!

Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo single domain SSL certificates at up to 85% off.

Shop for Single Domain SSL Certificates

A PEM Certificate File is…

Before we answer this question, let us tell you something. When you purchase a security certificate (typically, an SSL certificate), your certificate authority is supposed to send you the certificate – which is nothing but a bunch of files that includes a CA server certificate, intermediate certificate, and the private key. Usually, these files are encoded in a single file — “container,” as some call it – and sent through email. PEM (privacy enhanced mail) is one such container file type.

PEM is a container format for digital certificates and keys, most notably used by Apache and other web server platforms. In simpler words, it’s a file extension of a file that contains a bunch of certificate files. A PEM file is often used for X.509 certificates, and it’s a text file that consists of Base64 encoding of the certificate text, a plain-text header, and footer marking the beginning and end of the certificate. Here’s what it looks like:

# Private key

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDBj08sp5++4anG
cmQxJjAkBgNVBAoTHVByb2dyZXNzIFNvZnR3YXJlIENvcnBvcmF0aW9uMSAwHgYD
VQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
...
bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEF
BQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdh
z3P668YfhUbKdRF6S42Cg6zn
-----END PRIVATE KEY-----

# Server CA certificate

-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISESHkvZFwK9Qz0KsXD3x8p44aMA0GCSqGSIb3DQEBCwUA
VQQDDBcqLmF3cy10ZXN0LnByb2dyZXNzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMGPTyynn77hqcYnjWsMwOZDzdhVFY93s2OJntMbuKTHn39B
...
bml6YXRpb252YWxzaGEyZzIuY3JsMIGgBggrBgEFBQcBAQSBkzCBkDBNBggrBgEF
BQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3Nvcmdh
bml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYIKwYBBQUHMAGGM2h0dHA6Ly9vY3Nw
lffygD5IymCSuuDim4qB/9bh7oi37heJ4ObpBIzroPUOthbG4gv/5blW3Dc=
-----END CERTIFICATE-----

# Trust chain intermediate certificate

-----BEGIN CERTIFICATE-----
MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
...
dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
-----END CERTIFICATE-----

# Trust chain root certificate

-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT
aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ
...
jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp
38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

How to Create a PEM Certificate File

Like some people, some servers also can be demanding. If your server is one of them and is asking you for a PEM file, then there’s no option but to meet its demand. But no need to worry as creating a PEM certificate file is as smooth as pie. Follow the below steps to do so:

  1. First, download intermediate certificate, root certificate, primary certificate, and private key files sent by your certificate authority.
  2. Now, open a text editor (such as Notepad) and paste the entire body of all certificates and private key in the below order:
  • The Private Key
    • The Primary Certificate
    • The Intermediate Certificate
    • The Root Certificate
  • Add the starting and ending tags, as shown below:
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate)
-----END CERTIFICATE-----

3. Finally, save the file as your_domain_name.pem.

Congratulations! You just created a PEM certificate file on your own. Smooth as a pie, wasn’t it?

Save Up to 75% On

Comodo SSL Certificates

Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo SSL certificates at up to 75% off.

Save Up to 75% On

Comodo SSL Certificates