How to Create PEM File?

How to Create PEM File?

PEM File Format Overview

PEM, which stands for Privacy Enhanced Mail, is a widely used file format for storing and transferring encrypted data, particularly certificates and cryptographic keys. A file with a .PEM extension serves as a container for encrypted information stored within.

PEM is the most commonly used format for issuing certificates. It encodes the data in Base64, making it easier for web servers to read and understand. These files can be opened and reviewed with basic text editors such as Notepad or VIM.

In open-source systems, a PEM file containing private keys is typically identified by the .key extension, whereas a PEM file holding certificates will usually have a .cer, .crt, or .pem extension.

What Does a PEM File Contain?

A private key within a PEM file will appear like this:

-----BEGIN PRIVATE KEY-----
[Base64 encoded data]
-----END PRIVATE KEY-----

A certificate within a PEM file will appear as:

-----BEGIN CERTIFICATE-----
[Base64 encoded data]
-----END CERTIFICATE-----

How to Convert Other Certificate Formats to PEM?

Depending on the provider or method of creation, the default format of your certificate may vary. Often, certificates are in PEM format, which is readily usable. However, in some cases, the certificate may be in a different format, such as P7B-PKCS#7, PFX-PKCS#12, or DER. To use these certificates, you'll need to convert them into PEM format. You can achieve this using either of two methods:

  • Using an online tool, such as the SSL Converter from SSL Shopper
  • Using OpenSSL commands

For the first method, simply upload the file and let the website handle the conversion automatically. For the second method, special commands need to be executed. Below are the commands for converting DER, P7B, and PFX files to PEM.

# Converting DER to PEM
openssl x509 -inform der -in certificate.cer -out certificate.pem

# Converting P7B to PEM
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

# Converting PFX to PEM
openssl pkcs12 -in certname.pfx -nokeys -out certificate.pem
openssl pkcs12 -in certname.pfx -nocerts -out private.key -nodes

Creating a Trust Chain

For your SSL/TLS certificate to function properly, it is essential to upload an SSL Certificate Trust Chain, not just a simple certificate. This ensures that your website will be accessible across various browsers under the HTTPS protocol.

Trust Chain Overview:

  • The SSL/TLS server certificate
  • The Intermediate certificate(s), if applicable
  • The Root certificate

For example, when you receive a certificate from a Certificate Authority (CA), the chain includes the CA's root certificate, any intermediate certificates, and the server certificate itself.


    • Related Articles

    • Adding DNS Records with a Zone File on VergeCloud: A Complete Guide

      How to Upload the DNS Zone File to VergeCloud User Panel In DNS architecture, a Zone represents the administrative control of a domain and its sub-domains. When a new domain is created, a corresponding Zone is established, which stores the domain ...

    • Using a Custom SSL Certificate on VergeCloud: Secure Your Website with Confidence

      Custom SSL Certificate You can continue utilizing your custom SSL certificate by navigating to the VergeCloud HTTPS Settings. Introduction Custom SSL certificates are essential for securing data transmitted over the internet. With VergeCloud, users ...

    • How to Export Chained Certificate from Browser?

      Exporting a Chained Certificate from Browsers Learn how to obtain a chained SSL certificate using Mozilla Firefox or Google Chrome. Follow these steps for each browser: Mozilla Firefox Open your website in Firefox. Click the lock icon beside the URL ...

    • How to Export and Import a Private Key Using MMC and IIS Manager?

      Exporting a Private Key from Windows Server To export a private key, you must create a .pfx file using the following steps: 1. Create an MMC Snap-in Right-click the Start button and select Run. Type mmc and press OK. In the MMC window, go to File > ...

    • Steps to Build an SSL Certificate Trust Chain

      Why SSL Certificate Trust Chain Is Important? To ensure your website operates smoothly with HTTPS across all browsers and devices, it's essential to implement an SSL Certificate Trust Chain instead of using just one certificate. What You Need ...