نویسنده : Arvan

Creating a .PEM File for SSL/TLS Certification Installation

linkedin

Privacy Enhanced Mail, or as it is commonly known PEM, is a file format widely used for storing and transferring encrypted data, especially certificates and cryptographic keys. A file with .PEM extension acts as a container of encrypted data placed within.
PEM is the most common format to issue certificates. It encodes data using Base64, which makes it easier to be translated and understood by web servers. They actually can be opened and checked using a simple text editor like Notepad or VIM.
In an open-source system, a PEM file containing private keys can usually be recognized with its .key extension, whereas a PEM file containing certificates has a .cer, .crt, or .pem format.

What does a PEM file look like?

A private key within a PEM file will look like this:

-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCuaGs3MHEOUMvO
v7QLx1cAgx7BDMHE0eq70/A+JZlYjDL7IAcoubgibfRWyEPombDF/TtnOzuYXuNT
tkGVK+iOI3HbTgVANOrhIhTO91Vh3MDBftlNdzsYg4Ct/dZfvwGixgVfOza5nYcP
SFJ5r89fre1EV/3QA3m+oPYimejcTCwEcByxxP7unmoxR9wJMYCmF3IOtRKGMhCn
IbmIRwvaQ0yeCk9vh4WoZBbqJx4pVXmqz5D4IfDt2E41NiecWVoNHMTEF9xE2Few
3tPyfMMtqQH713DiVNmLBjHkJLK8a/ev2NjFMg8KTZ0hlVyaeBZDPz0iNk3iaeXf
pspZ42kPAgMBAAECggEANcqEzufE5spqoaCkskFQBxtpv9bkaITp5fZvEWvdSN8s
1iFBtADb1tqc0qs/rpzAVcBNswAk2FDjwizjO1PojPZHpoEAw5XOn5M4YcEM93rz
hHpQIUFV27CrXn58wNkTcxWqEH4d2c/JGSCQN3HO/s6Q8FRHNwHraa0RXQilNlRR
OKSyDZTMyTOB0zBxXR5eJ1izXISgJVhL+UTb1VUj+XdhmSVqP45p2dhJWTyGHy6O
taQDo7mUB+gTJzmLbFJxX2Hl50mh9R/Y3fLwGyg3uLBiibMq8ajFSPGgRTkdx+EY
PjRuDHLZ2qSCwqrUUuI2X1qAaOyLI+hdjlMlz048QQKBgQDk6kC33UmLGQSO+kqz
+j8Zh9lnEMU49Gfq0x4VZjnp9qzj9/8Cl+cOoAxcb1ZzQITvGf0ww85dhSPKh68x
QSfefJRm1z6JVyjCVOUYWCN3XTxp7tZMXvSe0ED+HWw96EA8P83QqsMLlH6YkZLq
as6K4R9iAtO14tIVoPeVAfZLYQKBgQDDCypU6A08aWyt9Bncfb6mUhheL7LFMRK9
fFxvWuSGLSeZ0hFjGGNJjIOcUUZvnXYTYmuYRrNnNtqY/UvB4ubWncbnU6HY/eZS
ejWp2GDiU9yGfvGObwoRv7X5341LKR4KJcdsC5QoDl43mceQ5xjXnsECh/Lssm5E
GLsWJ/z6bwKBgELtfliDeVIS0XNgGGFAhBxZzKVGkPMS+iL88Km/BqWx+mB4jHVc
pjBveM25u6PctEEX7x/Hz9kl6Q34167l5ts0v0rGGcGb2w3eNlEEy/HFL7mlG8Ce
bpTUPHxPa+s5sTYsTWd51abYFp9SyIqDCbovEbbdLrraAyRRuLE3LqRhAoGAQ7V5
kZYpGiLDDrRh0fB5IcX4HaJTXi9GAS/N6v5TvNyqFbUeQhdySFMWUUrJt++i0OHm
1isdFqStSFUOWpWJa1HEfgPDeM/TiChSvs6V+5v/P1WMR9T2WukBpGfd5gy1F/K7
gx+V5D3wqT6iUARZ1GiROm61f0QGEW/AatWg9dMCgYAAnR/QIVTUV+LuINT9lBUs
v7lqQzo8wUC2Itn6nD3zmKiJb/lvA/jSZAXMGc3oqBS+ocznKrABp39MONj6Bp7l
zvrNHuO8L5v7kK24snyyBfyizu03IbkHUOiIs5rXuD1N6fVG2XKQv9QsUm6NZp0o
1uGia9hksHK00QOXRhsGdA==
-----END PRIVATE KEY-----

And a certificate within a PEM file will have a structure like:

-----BEGIN CERTIFICATE-----
MIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G
A1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2VydGlmaWNhdGUgYXV0aG9y
aXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdudVRMUyBjZXJ0aWZpY2F0
ZSBhdXRob3JpdHkwHhcNMTEwNTIzMjAzODIxWhcNMTIxMjIyMDc0MTUxWjB9MQsw
CQYDVQQGEwJCRTEPMA0GA1UEChMGR251VExTMSUwIwYDVQQLExxHbnVUTFMgY2Vy
dGlmaWNhdGUgYXV0aG9yaXR5MQ8wDQYDVQQIEwZMZXV2ZW4xJTAjBgNVBAMTHEdu
dVRMUyBjZXJ0aWZpY2F0ZSBhdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMB
BwNCAARS2I0jiuNn14Y2sSALCX3IybqiIJUvxUpj+oNfzngvj/Niyv2394BWnW4X
uQ4RTEiywK87WRcWMGgJB5kX/t2no0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1Ud
DwEB/wQFAwMHBgAwHQYDVR0OBBYEFPC0gf6YEr+1KLlkQAPLzB9mTigDMAoGCCqG
M49BAMCA0gAMEUCIDGuwD1KPyG+hRf88MeyMQcqOFZD0TbVleF+UsAGQ4enAiEA
l4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
-----END CERTIFICATE-----

How to convert other certificate formats to PEM

The default format of the certificate you own differs depending on its provider or the way it was created. Most of the time, the certificate is a PEM file that can be used easily.
There will be cases where the certificate will be a file with a different format, such as P7B-PKCS#7, PFX-PKCS#12, or DER. In these cases, you need to convert the certificate into a PEM file. To do this, there are two options:

  • To convert the file using an online tool, like SSL Converter from SSL Shopper
  • To convert the certificate using OpenSSL commands

For the first path, you need to upload the file and let the website convert it automatically, while the second path needs special commands to be performed. Here are the commands to convert DER, P7B, and PFX files to PEM.

DER to PEM:

openssl x509 -inform der -in certificate.cer -out certificate.pem

P7B to PEM:

openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

PFX to PEM:

openssl pkcs12 -in certname.pfx -nokeys -out certificate.pem openssl pkcs12 -in certname.pfx -nocerts -out private.key -nodes


Create a Trust Chain

For the SSL/TLS certificate to work properly, you need an SSL Certificate Trust Chain to be uploaded, instead of a simple certificate. This will let your website to be opened flawlessly in different browsers, under HTTPS protocol.
For more information, read ArvanCloud’s guide on creating a certificate trust chain.

مطالب مرتبط