What Is a .pem File? Navigating Its Creation, Use, and Conversion in SSL

What Is a .pem File

Imagine this: you’re on the verge of securing your website with an SSL certificate to provide visitors with a trusted, encrypted connection. You’ve heard it’s essential in protecting sensitive data and boosting your website’s credibility. But as you install your cert, you need a .pem file to complete the configuration.

So, what is a .pem file? And why do you need it in the first place? This guide offers all the answers. Moreover, you’ll learn how to create a .pem file and open it on your operating system. Let’s get started!

Table of Contents

  1. What Is a .pem File?
  2. How to Use a .pem File for SSL Certificates?
  3. How to Open a .pem File?
  4. How to Create a .pem File?
  5. How to Convert a .pem File?

What Is a .pem File?

A PEM (Privacy Enhanced Mail) file, in the context of computer security and cryptography, is a commonly used container format that includes cryptographic information. It may contain the public certificate or the entire SSL chain (private and public keys, root and intermediate certificates, and the end user certificate).

The name PEM originally comes from the email encryption standard, but it’s now used more broadly for various data types. It’s encoded in base64 and has a specific structure and header that indicate the type of data it contains.

PEM files have extensions like .pem, .crt, .cer, or .key. They have one or more items, which are often delimited by markers like “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” for X.509 certificates or “—–BEGIN PRIVATE KEY—–” and “—–END PRIVATE KEY—–” for private keys.

PEM files can include the following certificates and RSA Keys:

  1. Server Certificate: This file contains information about the public key and the associated identity used in secure web communication (HTTPS) or email encryption (S/MIME).
  2. Private Key: These files contain the part of an asymmetric key pair that decrypts data.
  3. The Root and Intermediate Certificate: Certificate Authority certificates verify the authenticity of other certificates, forming the basis for the trust infrastructure in web security.
  4. Other cryptographic objects and parameters.

Now that you understand the basics of .pem files, let’s see a PEM certificate file example.

What Is a .pem File Example?

The .pem file format stores SSL certificates in separate multiple blocks and a specific chain order. Depending on your server type, you may need a PEM file with multiple certificates like the server and intermediate certificates, or a file with the private key and the entire trust chain.

Here’s what it would include if you were to install a Sectigo SSL certificate:

  • The RSA Private Key – your_domain_name.key
  • The Primary Certificate – your_domain_name.crt
  • The Intermediate Certificate – SectigoRSA.crt
  • The Root Certificate –USERTrustRSACertificationAuthorityCARoot.crt

And here’s what you’d find if you were to open it:

(Your Private Key: your_domain_name.key)
(Your Primary SSL certificate: your_domain_name.crt)
(Your Intermediate certificate: SectigoRSA.crt)
(Your Trust Chain Root certificate: USERTrustRSACertificationAuthorityCARoot.crt)

Always check your server’s SSL installation guidelines for the correct file format and certificate order.

How to Use a .pem File for SSL Certificates?

To use a .pem file for SSL certificates, you should configure your web server with the appropriate certificate and key files.

First, you’ll need to generate a .pem file, which includes the certificates issued by your SSL provider, and place them in a specific server location. Once you have the file, you can use it in both Nginx and Apache web servers.

In Nginx, you must specify the path to the .pem file in the server configuration. For Apache, you’ll need to specify the SSLCertificateFile and SSLCertificateKeyFile directives in the virtual host configuration.

Using the .pem text file ensures that your web server has the necessary SSL certificates to enable secure HTTPS encryption for your domain.

Follow the correct configuration steps; otherwise, you may face SSL connection errors and website outages.

How to Open a .pem File?

The easiest and quickest way to open a .pem certificate file is with a text editor like Notepad (on Windows), TextEdit (on macOS), or any text editor on Linux.

Another option is the Certificate Viewer: If the PEM file contains X.509 certificates, you can use a certificate viewer or management tool to open and view the certificate.

Windows: Use the built-in “Certificate Manager.” You can access it by pressing Win + R, typing:


and hitting Enter. Then, import your file and view the certificate.

macOS: Use the Keychain Access app to import and view certificates.

Linux: Tools like OpenSSL can display certificates from the command line. To view a certificate in a PEM file, use the following command:

openssl x509 -in your_cert.pem -text -noout

Finally, if the PEM file contains SSH keys, you can use the ssh-keygen tool to view its contents. The way you work with a PEM file depends on what’s inside. It could be a certificate, a private key, or other encoded data, so the tools and methods you use will vary accordingly.

How to Create a .pem File?

You can create such a file manually or via an external tool like OpenSSL. If you bought an SSL certificate from a CA, you can open the necessary SSL files and then copy and paste the contents into another file with the PEM file extension. Keep the correct certificate order as per your provider’s guidelines. Go back to our PEM example to see the correct certificate sequence.

How to Generate a .pem File With OpenSSL?

To generate a .pem file with OpenSSL, you’ll need to follow these steps:

  1. Install OpenSSL on your system if you haven’t already.
  2. Open a command prompt or terminal.
  3. Navigate to the directory where you want to generate the .pem file.
  4. Run the following command to generate a private key and CSR (Certificate Signing Request) file:

    openssl req -newkey rsa:2048 -nodes -keyout private.key -out csr.csr
  5. Follow the prompts to enter the necessary information for the CSR.
  6. Next, run the following command to create the .pem file:

    openssl x509 -req -in csr.csr -signkey private.key -out certificate.pem

OpenSSL will create it in the same directory.

How to Generate a .pem File From a Private Key?

Now, let’s generate a .pem file from a private key. To accomplish this, we’ll use OpenSSL again:

  1. Open a terminal or command prompt.
  2. Navigate to the directory with your private key.
  3. Run this command:

    openssl rsa -in private.key -outform PEM -out private.pem

That’s it. This command converts your private key to the PEM format.

How to Get the Private Key From a .pem File?

Here are the steps to get the private key via OpenSSL:

  1. Open a terminal or command prompt.
  2. Navigate to the directory with the .pem file.
  3. Run this command:

    openssl rsa -in yourfile.pem -out privatekey.pem
  4. Replace ‘yourfile.pem’ with your .pem file name.
  5. Enter the passphrase when prompted.

This command extracts the private key and saves it as ‘privatekey.pem’ in the same directory.

How to Convert a .pem File?

You can convert a .pem file via OpenSSL or an external file converter tool. Popular conversions include switching from PEM to PFX or CRT extensions. Our guide on SSL certificate formats and conversion tools covers every format and conversion in great detail.

How to Convert a .crt File to .pem with OpenSSL

  1. Open your terminal or command prompt.
  2. Use the following command to convert the .crt file to a .pem file:

    openssl x509 -in your_certificate.crt -out your_certificate.pem -outform PEM
  3. Replace your_certificate.crt with the actual name of your .crt file and your_certificate.pem with the desired name for the .pem file.

Keep in mind that both .crt and .pem can contain the same certificate data, so this conversion is mostly about changing the file extension and ensuring that the file is in the PEM format.

How to Create a .pem File from .crt

Creating a .pem certificate file from a .crt file involves a conversion process, but since a .crt file is essentially a certificate in the PEM format, you don’t need to perform any additional steps to convert it. If you want to create a .pem file from a .crt file, you can rename the file extension.

You can right-click the file on Windows, select “Rename,” and change the .crt to .pem.


Is .crt and .pem the Same?

While both .crt and .pem files can contain certificates, they aren’t identical. A .crt file typically contains only the certificate, whereas a .pem file can contain both the certificate and the private key.

Is a .pem File a Private Key?

A .pem file can contain a private key, but it doesn’t always. It is a container format that can include just the public certificate or the entire certificate chain (private key, public certificate, root certificates).

Does .pem Contain a Public Key?

Yes, a .pem file can store a standalone public key, a private key, a certificate, or a combination of these.

Does .pem Contain the Root Certificate?

A PEM file can contain a root certificate, but it may also contain intermediate certificates and end-entity certificates depending on its purpose and context.

Can Windows Use .pem?

Yes, Windows can use .pem files. However, certain Windows applications and services, especially those related to Microsoft, might require the certificates and keys to be in a different format, like .pfx or .cer. You can convert .pem files to these formats using tools like OpenSSL.

Are .pem Files Base64 Encoded?

Yes, .pem files are Base64 encoded. This encoding format allows the binary data of the certificate or key to be represented in ASCII format, making it easier to transmit and store. The readable “—–BEGIN…” and “—–END…” headers and footers in a .pem file encapsulate the Base64 encoded content.


In conclusion, PEM is just one of the multiple file formats that store cryptographic keys and digital certificates. Managing certificate files and navigating through different extensions is straightforward when you use OpenSSL or other conversion tools.

By learning how to open, convert, and generate .pem files, you can install and configure your SSL certificates on any server and client.

So, whether you’re a developer, IT professional, or simply curious, learning how to use .pem files will help enhance security in various applications and protocols.

Save 10% on SSL Certificates when ordering today!

Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10

Written by

Experienced content writer specializing in SSL Certificates. Transforming intricate cybersecurity topics into clear, engaging content. Contribute to improving digital security through impactful narratives.